Harmony Endpoint Passwords check

Sergo89 — Mon, 11 Apr 2022 19:48:19 GMT

Hi Everybody,

do you know how Harmony Endpoint (Zero-Phishing defense) works? I mean password comparing part. Does it save hash of password? and take list of internal sites from - Protected Domains and saved hash of passwords?

thanks

Re: Harmony Endpoint Passwords check

Luiz_ — Mon, 11 Apr 2022 20:40:29 GMT

The basic flow of the “Password Reuse” feature is as follows:

The admin defines the protected corporate domains in SBA4B policy.
A user submits his/her credentials in a form that belongs to one of the protected domains.
The password hash will be taken (sha256, hmac) and saved in local browser storage
Once the user will use the same password in a non-protected domain, the system will trigger according to configuration (log, usercheck)

It is importent to note point#2 - the user must enter his credentials of the protected domain after the domain was add to the protected domains, and the configuration was synced to the extension.
there is no integration with AD, so the extension "learns" the password it needs to protect once the user type them in the a protected domain web site

Source: https://community.checkpoint.com/t5/Endpoint/Password-Reuse-testing/m-p/22054/highlight/true#M3695

topic Harmony Endpoint Passwords check in Endpoint

Harmony Endpoint Passwords check

Re: Harmony Endpoint Passwords check