Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Sergo89
Collaborator
Jump to solution

Harmony Endpoint Passwords check

Hi Everybody,

do you know how Harmony Endpoint (Zero-Phishing defense) works? I mean password comparing part. Does it save hash of password? and take list of internal sites from - Protected Domains and saved hash of passwords?

 

thanks

0 Kudos
1 Solution

Accepted Solutions
Luiz_
Collaborator

The basic flow of the “Password Reuse” feature is as follows:

  1. The admin defines the protected corporate domains in SBA4B policy.
  2. A user submits his/her credentials in a form that belongs to one of the protected domains.
  3. The password hash will be taken (sha256, hmac) and saved in local browser storage
  4. Once the user will use the same password in a non-protected domain, the system will trigger according to configuration (log, usercheck)

    It is importent to note point#2 - the user must enter his credentials of the protected domain after the domain was add to the protected domains, and the configuration was synced to the extension.
    there is no integration with AD, so the extension "learns" the password it needs to protect once the user type them in the a protected domain web site

 

Source: https://community.checkpoint.com/t5/Endpoint/Password-Reuse-testing/m-p/22054/highlight/true#M3695

View solution in original post

1 Reply
Luiz_
Collaborator

The basic flow of the “Password Reuse” feature is as follows:

  1. The admin defines the protected corporate domains in SBA4B policy.
  2. A user submits his/her credentials in a form that belongs to one of the protected domains.
  3. The password hash will be taken (sha256, hmac) and saved in local browser storage
  4. Once the user will use the same password in a non-protected domain, the system will trigger according to configuration (log, usercheck)

    It is importent to note point#2 - the user must enter his credentials of the protected domain after the domain was add to the protected domains, and the configuration was synced to the extension.
    there is no integration with AD, so the extension "learns" the password it needs to protect once the user type them in the a protected domain web site

 

Source: https://community.checkpoint.com/t5/Endpoint/Password-Reuse-testing/m-p/22054/highlight/true#M3695

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events