To help keep user accounts secure, you can enforce an ongoing check for compromised passwords during Loyalty sign-in. This feature allows you to monitor compliance with new password policies and respond to credential-stuffing attacks.
Note: Passwords are checked against the Pwned Passwords list maintained by the third-party site Have I Been Pwned (haveibeenpwned.com).
Steps
- Go to Loyalty Manager > Loyalty Admin > Configuration > Settings.
- Search for CheckForCompromisedPasswordsOnSignIn.
- Select your preferred value:
  - Off (default): No check.
  - Alert: Passwords are checked; successful sign-ins with a compromised password are noted in the Vista Personal Data Audit log.
    Tip: Use Alert to monitor password-policy compliance, and review the Vista Personal Data Audit log to identify compromised members during a credential-stuffing attack.
  - Block: Passwords are checked; sign-in attempts with a compromised password are blocked and noted in the Vista Personal Data Audit log. Members must reset their password.
    Tip: Use Block if you are being targeted by credential-stuffing attacks.
    Note: Blocking the sign-in enhances security, but the block itself is a signal: the password was correct, only compromised, so whoever submitted the attempt learns that the credentials are valid. Consider informing affected members of the attempt and requiring them to reset their password.
- Click Save.
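The behaviour of the three modes, as an added example that is not Vista's code: a Python sketch of the Pwned Passwords k-anonymity lookup (only the first five hex characters of the password's SHA-1 digest leave the process; the live API is replaced here by a constructed in-memory table with made-up counts) followed by the Off/Alert/Block decision and the audit-log entries each mode writes. The names `sign_in`, `pwned_count`, `flagged_members` and the audit-entry fields are this example's own, as is the choice to return the same client-facing message for a blocked sign-in as for a wrong password; that mitigates the valid-credentials signal described in the Note above but is not a documented product feature.

```python
import hashlib
from enum import Enum


class Mode(Enum):
    OFF = "Off"      # no check
    ALERT = "Alert"  # check, allow, write audit entry
    BLOCK = "Block"  # check, refuse, write audit entry, force reset


# Constructed sample of breached passwords, used only to build a fake
# Pwned Passwords range table for offline runs. The counts are made up.
_CONSTRUCTED_BREACHED = {"password": 3, "qwerty123": 2, "Summer2023!": 1}


def _sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def _build_range_table(breached: dict) -> dict:
    """Group breached hashes by their first five hex characters, as the real
    API does, so a prefix query returns every suffix that shares it."""
    table: dict = {}
    for pw, count in breached.items():
        digest = _sha1_hex(pw)
        table.setdefault(digest[:5], []).append(f"{digest[5:]}:{count}")
    return table


RANGE_TABLE = _build_range_table(_CONSTRUCTED_BREACHED)


def fetch_range(prefix: str) -> str:
    """Stand-in for GET https://api.pwnedpasswords.com/range/<prefix>.
    Returns one 'SUFFIX:COUNT' line per hash sharing the prefix (no network)."""
    if len(prefix) != 5:
        raise ValueError("prefix must be exactly five hex characters")
    return "\r\n".join(RANGE_TABLE.get(prefix.upper(), []))


def pwned_count(password: str, fetch=fetch_range) -> int:
    """k-anonymity lookup: only the five-character prefix is sent to the
    range endpoint; the suffix comparison happens locally."""
    digest = _sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in fetch(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0


GENERIC_FAILURE = "Sign-in failed. Check your details and try again."


def sign_in(member_id: str, password: str, credentials_valid: bool,
            mode: Mode, audit_log: list) -> dict:
    """Outcome of one sign-in attempt under the chosen mode.

    `credentials_valid` stands in for the normal credential check, which this
    example assumes runs first; the breach lookup only runs for a correct
    password. Audit entries model the Vista Personal Data Audit log rows the
    page mentions (field names are this example's own).
    """
    if not credentials_valid:
        return {"allowed": False, "reset_required": False,
                "client_message": GENERIC_FAILURE, "notify_member": False}
    if mode is Mode.OFF:
        return {"allowed": True, "reset_required": False,
                "client_message": "Welcome back", "notify_member": False}

    seen = pwned_count(password)
    if seen == 0:
        return {"allowed": True, "reset_required": False,
                "client_message": "Welcome back", "notify_member": False}

    entry = {"member": member_id, "event": "compromised_password_sign_in",
             "breach_count": seen}
    if mode is Mode.ALERT:
        audit_log.append({**entry, "action": "allowed"})
        return {"allowed": True, "reset_required": False,
                "client_message": "Welcome back", "notify_member": False}

    # Block: refuse, but return the same client message as a wrong password so
    # the response itself does not confirm the credentials were correct; the
    # reset instruction goes to the member out of band (example's own choice).
    audit_log.append({**entry, "action": "blocked"})
    return {"allowed": False, "reset_required": True,
            "client_message": GENERIC_FAILURE, "notify_member": True}


def flagged_members(audit_log: list) -> set:
    """Members to follow up with after reviewing the audit log during a
    credential-stuffing campaign (the Alert-mode workflow above)."""
    return {e["member"] for e in audit_log
            if e["event"] == "compromised_password_sign_in"}
```

Swap `fetch_range` for a real HTTP client that calls the range endpoint to use this against the live list; nothing else changes, and the full password or full hash never needs to be transmitted.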