Yes, my Domain is in Protected Domains list in Zero Phishing settings.

Hi Serhii,
please find bellow the information about the Password Reuse functionality and use:

The basic flow of the “Password Reuse” feature is as follows:

1. The admin defines the protected corporate domains in SBA4B policy.
2. A user submits his/her credentials in a form that belongs to one of the protected domains.
3. The password hash will be taken (sha256, hmac) and saved in local browser storage
4. Once the user will use the same password in a non-protected domain, the system will trigger according to configuration (log, usercheck)
   
   It is importent to note point#2 - the user must enter his credentials of the protected domain after the domain was add to the protected domains, and the configuration was synced to the extension.
   there is no integration with AD, so the extension "learns" the password it needs to protect once the user type them in the a protected domain web site

Hi, Ziv
I have configured SBA4B policy, added my domain to pretected domains list, made my computer a domain member and after that installed CheckPoint SBA4B on my machine (with installer which was downloaded from SmartEndpoint Server). Is it possible that SBA4B does not recognize site as protected domain's one if there is an error with certificate or if I address it with IP in URL string?

Thank You for answering.

Hi,
The extension domain need an exact domain match according to the protected domain list,
if you will use IP instead of the domain name the password reuse will not be triggered.

Hi, Ziv!

Tell me, please, if we clear browser cache - will SandBlast Extension recognize the domain password, or we need to re-enter it on the domain site again?

Pretty sure the answer to this is no as it wouldn't make sense to use the browser cache for this (which may not cache the password anyway).

Hi Olga,

clearing the browser cache won't delete the extension data, so the extension will still recognize the domain passwords

Hi again. 

My misunderstanding.

Just add those domains in "Protected Domains" and it will work just fine

I was looking for something related to this and tripped over this thread.

Just in case anyone else looking to make the password re-use protection feature work properly for Office 365 - as in making Office 365 authentication be the 'trusted' side for the corporate credentials - either synchronised with the on premises AD or stand-alone - it doesn't really matter which, trusted is trusted

The portal.office.com FQDN redirects to the basic 'office.com' so doesn't really play a key part.

The domains that you need to put in to the 'trusted domains section of the 'Zero Phishing Settings' 'protected domains' list are:

login.microsoftonline.com

office.com

Very possibly portal.office.com (I don't believe so but just in case, and it'll do no harm to add it)

Just today I did a step by step test on a new implementation and tried just using login.microsoftonline.com; this was *not* sufficient for the zero phishing to hash the password, even though it redirects to that FQDN prior the the user typing in the login name and password - office.com is essential too!

Funny old thing Microsoft authentication - but add these two to the protected domains and it works a treat! Everyone who sees this for the first time is impressed, just try logging on to any other site with the same credentials after logging in (on a browser) and when the new browser tab opens with the warning about how this is not a secure practice there is always a gasp from the person watching!

Lovely piece of technology, nice work Check Point!