PasswordPing for Active Directory

Protect your corporate network from compromised credentials

“Identity has been at the heart of most every breach in the past two years. Many of these breaches have involved someone gaining access by using compromised identity, then changing their identity once inside the network to ratchet up access to data and systems by taking over a privileged account and in the process gaining unlimited access to the network, to systems and to data.”The Global State of Information Security Survey 2017
Reduce the attack window

As soon as PasswordPing indexes a new breach and a user’s compromised credentials are confirmed, we immediately alert Active Directory to prompt a password reset, substantially reducing the time your network is at risk.

Avoid false positives

Just seeing a username in a breach shouldn’t require users to reset their passwords. We check their current password to confirm that their credentials were actually compromised, reducing unnecessary admin alerts and end user frustration.

Harden new passwords

PasswordPing can also be used to enhance your password policies so they automatically restrict the selection of any password that was previously compromised, helping users avoid unsafe password found in hacking dictionaries.

Enterprise Security

Built for the most security conscious organization.
Read our Security Overview

PasswordPing for Active Directory

Flow for PasswordPing for Active Directory
How it works:

1. Usernames in Active Directory are automatically subscribed to PasswordPing service.

2. When username is identified in a breach, the PasswordPing service notifies the PasswordPing Active Directory Agent Service.

3. The agent then passes a secure, salted hash of the user’s credentials to the PasswordPing service, which determines if they have been compromised.

4. If user’s credentials are compromised, PasswordPing sets the “User must reset password on next login” flag in Active Directory, thus blocking authentication attempts using the compromised credentials.

* Optional: Reset password can also be validated against all known compromised passwords, extending existing AD policies.

Protect your organization from stolen credentials with PasswordPing