Analytical Solutions : Password Recovery Service
Confidential intellectual property, networks, and systems depend on passwords chosen by end users. As managers, you must rely on your users to not place company assets at risk. At the same time, business functions are increasingly relying on password protected documents as a means to secure sensitive data, yet there are virtually no controls in place to ensure that the passwords used to protect those documents are adequate.
In many cases, little is done to enforce password standards beyond basic complexity controls built into authentication mechanisms. Your firm can have strong security controls, but all it takes to open up your intellectual property to an intruder is one weak user/administrator password.
To manage the risks associated with both of these scenarios, you need insight into how passwords are being chosen. KoreLogic’s Password Recovery Service was established to help quantify the risk for your organization and help you address these gaps as well as:
- Provide a secure method of outsourcing password audits providing a baseline of password strength and analysis of complexity.
- Equip security departments with the information needed to train end users on how to create stronger, more complex passwords.
- Equip security departments with the information needed to evaluate risks associated with the company's current password policy.
- Recover plaintext passwords for any number of possible legitimate uses such as auditing password complexity, identifying end users for additional training, supporting internal investigations, obtaining credentials for users who are no longer with the company, etc.
- Recover plaintext passwords for encrypted documents (e.g., PDF) and/or archives (e.g., ZIP) for any number of possible legitimate uses such as restoring access to password protected documents containing critical information, supporting internal investigations and/or eDiscovery requests, etc.
Why KoreLogic’s Password Recovery Service?
Until now, there have been three basic options when it comes to password security:
- Establish password complexity requirements, perform no audits, and hope for the best.
- Purchase hardware/software and perform the audit yourself. This approach will likely recover the short and common hashes, but fail to crack the longer, more complex passwords. The typical recovery rate for this approach is around 10-20%.
- Use an untrusted third party and/or cloud-based provider who cannot guarantee control of your intellectual property.
Why take those chances?
KoreLogic's password recovery service is done in a highly secure manner by experts who are well known in the industry, published and trusted by the password cracking community for a wealth and diversity of knowledge. KoreLogic has been collecting patterns and developing custom rules/wordlists to maximize cracking results for nearly a decade.
Additionally, KoreLogic has been funded by the Defense Advanced Research Projects Agency (DARPA) to conduct research and build innovative solutions aimed at reducing and/or eliminating the security risks mentioned above. You can trust that KoreLogic will keep your data safe and deliver a quality product with expected results.
Confidentiality and Security
KoreLogic takes security seriously. All KoreLogic systems used to distribute and/or crack any password hashes are:
- Owned, hardened and operated by KoreLogic (cloud-based or third party systems are never used).
- Deployed in physically secured environments with 24/7/365 surveillance requiring badge access and/or biometric authentication. Also, digitally monitored 24/7/365 by KoreLogic engineers.
- Protected using encrypted protocols (e.g., SSL, SSH, etc.) and media (e.g., AES-encrypted drives).
Additionally, candidate hashes, documents, and any other client-supplied data are only stored within KoreLogic's proprietary cracking grid for the duration of the work order. These items are explicity purged once the work order has ended.
For detail on Service and to read related Case Studies, Click Here.