VeriClouds Announces Support for NIST Special Publication 800-63B Authentication and Lifecycle Management

VeriClouds today announced general availability of NIST password compliance check, a feature of its premium product CredVerify.

VeriClouds, a pioneer and leader in compromised credential verification, today announced that it would provide support for the latest password requirements as set forth in NIST Special Publication 800-63B, Authentication and Lifecycle Management. VeriClouds recognizes that most breaches we hear about today are caused by weak or stolen credentials, and recognizes the importance of enforcing policies for stronger passwords. VeriClouds CredVerify is a credential verification service that detects compromised credentials with visibility into more than 90% of stolen and leaked databases on the dark web. Leveraging its database of more than 6 billion records, VeriClouds extends its core product with additional checks that will be leveraged by the public sector and security-focused companies, driven by enhanced security and compliance with the latest guidelines.

Protecting sensitive data and applications from unauthorized access has emerged as an urgent requirement for businesses around the globe. In a world where 81% of data breaches are caused by weak or stolen passwords, two-factor authentication (2FA) is not the silver bullet that many hoped it would be. 2FA is neither widely deployed nor mandated for consumer services such as banking, online retail and most legacy applications, leaving sensitive data at risk. Seeing the opportunity to improve on the security of authentication, VeriClouds CredVerify goes beyond context and behavioral risk analysis by introducing credential verification into the authentication calculus, using actual breach data and password matching methods to detect and prevent reuse and abuse from cyber adversaries.

“Previously considered a grey area, the latest NIST guidelines legitimize the use of databases of compromised credentials to identify and respond to risk of compromised credentials in our business applications,” said Steve Tout, CEO of VeriClouds. “At VeriClouds, our view is that identity and access management is not a complete solution without visibility into those compromised credentials that are being sold on the dark web. Today, organizations not only have the opportunity to enhance the security of identity and access management, they have the obligation to do so.”

VeriClouds CredVerify helps enforce the NIST password requirement guidelines for IdPs by screening new passwords against lists of commonly used or compromised passwords. The types of lists acceptable to the NIST guidelines include:

  • Passwords obtained from previous breach corpuses.
  • Dictionary words.
  • Repetitive or sequential characters (e.g. ‘aaaaaa’, ‘1234abcd’).
  • Context-specific words, such as the name of the service, the username, and derivatives thereof.

The NIST guidelines are available at:

"Our goal is to plug into as many IAM, CASB, SIEM and threat intelligence platforms as possible to make sure visibility into compromised credentials is factored into authentication and threat response in real time," said Steve Tout, CEO of VeriClouds. "We find that between 15-40% of a typical organization's credentials already exist in our database, and we want to make sure the risk of compromised credentials is ubiquitous and adopted by as many as who wish to use the service."

You can see a demo of CredVerify at Black Hat in Las Vegas, July 26-27, at Booth IC67.

About VeriClouds
VeriClouds is a credential verification services company helping organizations detect compromised credentials before hackers do, using the same data attackers do, proactively monitoring the dark web and systematically reducing user-centric risk. VeriClouds provides the best approach to eliminate the biggest cause of massive data breaches, the weak and/or stolen password. VeriClouds was founded in 2014 by Rui Wang, a former security researcher at Microsoft with a PhD in cyber security, and Stan Bounev, a successful entrepreneur with over 16 years of corporate and startup experience in the banking and technology industries. VeriClouds has built one of the largest commercially available databases including breach data from the dark web and diverse data sources using privacy preserving principles and strong encryption. To learn more visit
