Compromised Login Password Detection

We’ve added a new option to your login settings in Syncro to monitor whether the passwords you and your teams use to log in to Syncro have previously appeared in a data breach outside of Syncro.

How does Syncro determine whether your password has potentially appeared in a data breach?

With Compromised Login Password Detection enabled, each time you and your team log in to Syncro, we will securely scan your hashed password using Have I Been Pwned? to determine whether it has potentially appeared in a data breach outside of Syncro. Syncro only stores encrypted login data and never shares your login data with third-party services.

Note: Syncro will not force you or your team to reset your login passwords if we determine that they were potentially compromised. We’ll only recommend that you reset your password to something more secure in Syncro and anywhere else it may be used.

Enabling Compromised Login Password Detection and Getting Started

To enable Compromised Login Password Detection, head to the Login Settings from your Admin Settings page in Syncro.



Note: Enabling this setting extends to all users on your account. It cannot be enabled if you have SSO configured on your account.

Once enabled, Syncro will alert you with a banner after each login if we determine that the password you used to log in may have been compromised.

You’ll also have the ability to optionally enable notification triggers in the Notification Center at Admin > Syncro Admin > Notification Center as indicated below:

The trigger ‘Compromised login password - Detected (for anyone)’ sends a notification when Syncro detects that you or anyone else on your account has logged in with a potentially compromised password, whereas the trigger ‘Compromised login password - Detected (mine)’ only sends a notification when Syncro detects that you have logged in with a potentially compromised password.

FAQs

What happens if Compromised Login Password Detection is enabled on my account, but I don’t want to change my password after it has been detected?

While we will not enforce that you reset your password, Syncro will continue to alert you with a banner after each sign-in and generate any corresponding notifications if enabled. The banner will auto-dismiss after you navigate away from the current page after login.

Does Syncro check whether my Email and Password combination were potentially compromised?

No, this update does not include scans of Email and Password combinations. We only scan login passwords at this time.

Can I check whether my Customer Credentials or Password Vault passwords have been compromised?

While Compromised Login Password Detection is limited to just Syncro user login passwords at this time, Have I Been Pwned?'s password checker is free to use and available for you to scan any passwords you manage here: https://haveibeenpwned.com/Passwords
