I’m excited to announce the release of a new 1Password feature designed to help businesses keep their data safe: domain breach report. Create a report to get a list of all company email addresses that have been caught in known data breaches, so you can find and close doors to your data that have been unwittingly left open.
Identify risks, secure your company
Once you have the list of exposed email addresses, you can see the kinds of data exposed in each case. This helps you prioritize next actions.
Crucially, the domain breach report flags exposed passwords, so you can let affected team members know they need to change those passwords immediately. You can also invite affected users to 1Password directly from the report so they can generate strong, unique passwords to use instead.
Once set up with 1Password, they can also use 1Password Watchtower to see where breached passwords have been reused, and change them to make sure those exposed passwords don’t lead to more important accounts being compromised.
Why businesses need to care about data breaches
One breach can open many doors. Because of the widespread problem of password reuse, a data breach on one website can mean many other sites are affected. This is a huge blindspot for many organizations. Research by Google and Harris Poll in February 2019 suggests that 65% of people reuse passwords on some or all of their accounts.
Hackers use a relatively simple technique known as credential stuffing, where many stolen passwords (and similar computer-generated derivations) are “stuffed” into sites across the internet until the hacker is able to log in. According to the Verizon 2020 Data Breach Investigations Report, 67% of all breaches come from credential theft, errors, or social attacks.
If hackers gain access to the applications you use for work, they may have access to sensitive information about your company, employees or customers. This could leave the company facing costly fines for violating regulations, and a loss of trust in its operations and brand.
Respect for privacy
If you know 1Password, you know we take security and privacy very seriously. For the domain breach report, we’ve taken a number of steps to make sure that, in highlighting risks posed by breaches, the privacy of your team is maintained:
- Confirm your domains: we send a confirmation email, so only you can generate a report for your domains
- Owners control access: only a 1Password owner in your business can create a domain breach – though they can choose to share it with administrators and a Security group they can create
- Passwords and other data aren’t shown: you can see if a password has been exposed, not what it was – the same goes for other information exposed
- Personally-sensitive breaches: breaches that are known to be personally sensitive, such as breaches of adult dating sites, do not appear in the report
How to get started
Domain breach report is available today with 1Password Business and 1Password Teams. Visit 1Password Support to see how to create a domain breach report, or if you don’t use 1Password you can start a free trial to create a report.
We’re so excited to get this feature out into the world, as we think it can help businesses improve their security right away. If you have any thoughts or questions, we’d love to hear from you. Our forums are a great place to share feedback.