Deloitte's tool "Access Key Discovery" scans documents to detect stored passwords.
Passwords and API keys are generally required to access services and file locations securely. While the growing number of cyber-security incidents has created general awareness of what constitutes a safe password, the fact that incidents persist is evidence of the continued risk posed by their inappropriate handling.
Even passwords that respect commonly accepted security criteria (minimum length, uppercase and lowercase letters as well as special characters) are not secure if they are written directly into emails, documents or code, rather than being stored exclusively in secure locations such as password managers.
Multiple copies of such documents are scattered across hard drives and stored in the cloud, proliferated by sharing across teams and – worse – even outside the organization in collaboration with clients. Exposed passwords are a goldmine for hackers and pose a significant security risk to organizations. Breaches can be costly – in terms of reputational damage (stolen customer information), time-consuming clean-up, and even regulatory fines.
Prevention requires vigilance and dedicated effort – sifting through countless documents to ensure they are safe. Faced with competing priorities and scarce resources, organizations struggle to manage password security proactively and find themselves lacking the appropriate controls.
Deloitte’s approach with Access Key Discovery addresses these issues by enabling users to easily search documents for all kinds of stored passwords. It supports 26 different file formats, and lets you customize your search according to a variety of parameters.
Once a file has been uploaded to Access Key Discovery, users can choose between (or combine) three different detection methods: Algorithms, Model with Public Dataset and Word-Match Index. All three methods may be used in parallel, each assigned a weight for its relative contribution. The Algorithms method can be fine-tuned with additional filters, such as regular expressions or hashes. The Public Dataset model uses multiclass classification to predict password strength, customizable via the threshold values between classes. The Word-Match Index method analyzes content based on common password characteristics.
Detailed results of the password scan may be filtered by 20 feature tags that reveal a password’s location, features and type. Summary results may be viewed by means of several interactive graphs, such as the distribution of passwords by metric or the top files by embedded passwords.
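As an added illustration (not Deloitte's code; the page does not disclose the tool's internals), a minimal Python scanner that combines the three methods described above in the same way: regex and hash filters stand in for the Algorithms method, an entropy-threshold classifier stands in for the dataset-trained strength model, and a checklist of password characteristics for the Word-Match Index, with a weighted score and location/type/strength tags on each finding. All patterns, lists, weights, thresholds and the sample document are assumed, constructed values.

```python
import hashlib
import math
import re

# "Algorithms" filters: assignment regex, a well-known key-id shape, and a hash denylist (all assumed values).
ASSIGNMENT = re.compile(r"(?i)\b(?:password|passwd|pwd|api[_-]?key|secret|token)\b\s*[:=]\s*[\"']?([^\s\"']{6,})")
AWS_KEY_ID = re.compile(r"AKIA[0-9A-Z]{16}")
DENYLIST_SHA256 = {hashlib.sha256(b"Winter2023!").hexdigest()}   # constructed denylist entry
COMMON_WORDS = {"password", "welcome", "summer", "qwerty", "letmein"}
TOKEN = re.compile(r"[^\s=:\"']{6,}")   # candidate tokens: split on whitespace, '=', ':' and quotes

def algorithms(token, line):
    """Tag a known key-id shape, a denylisted hash or the value side of an assignment; None if no filter fires."""
    if AWS_KEY_ID.fullmatch(token):
        return "key_id"
    if hashlib.sha256(token.encode()).hexdigest() in DENYLIST_SHA256:
        return "denylisted"
    return "assignment" if token in ASSIGNMENT.findall(line) else None

def shannon_entropy(s):
    return -sum(s.count(c) / len(s) * math.log2(s.count(c) / len(s)) for c in set(s))

def strength_class(token, thresholds=(2.8, 3.3)):
    """Stand-in for the dataset-trained model: class 0 (weak) to 2 (strong), split by entropy thresholds."""
    return sum(shannon_entropy(token) >= t for t in thresholds)

def word_match_index(token):
    """Fraction of common password characteristics present: length, case mix, digit, symbol, not a dictionary word."""
    checks = [len(token) >= 8, any(c.isupper() for c in token), any(c.islower() for c in token),
              any(c.isdigit() for c in token), not token.isalnum(), token.lower() not in COMMON_WORDS]
    return sum(checks) / len(checks)

def scan(text, weights=(0.5, 0.3, 0.2), flag_at=0.5):
    """Score every token with all three methods, combine by weight, and tag flagged findings; values are masked."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for token in (t.strip("`,;()") for t in TOKEN.findall(line)):
            tag = algorithms(token, line)
            cls, w = strength_class(token), word_match_index(token)
            score = weights[0] * (tag is not None) + weights[1] * cls / 2 + weights[2] * w
            if score >= flag_at:
                findings.append({"line": lineno, "type": tag or "high_entropy", "strength": cls,
                                 "score": round(score, 2), "masked": token[:2] + "*" * (len(token) - 2)})
    return findings

SAMPLE = """Meeting notes, shared with client (constructed sample)
db password: welcome
export API_KEY="Xk9$wq2!Lm7#"
aws key AKIAIOSFODNN7EXAMPLE
vpn login uses Winter2023! until rotation
"""
```

Calling `scan(SAMPLE)` returns one tagged finding per flagged token (lines 2 to 5 of the sample), with the secret itself masked in the report.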