safepass.me® comes with a handful of Enterprise-level features and benefits that give companies more flexibility in deployment and use. They also enhance the overall experience by providing additional tools that augment the safepass.me® core features.
There is also a rich roadmap of enterprise features coming up, including enterprise-level dashboards, supporting scripts, enhanced logging and centralisation features, etc.
Below, we discuss some of the major features and benefits of safepass.me®.
Dry Run Mode, or Demo Mode
Dry Run mode is the ability to test safepass.me® in a live environment without it actually taking any action.
By configuring safepass.me® in Dry Run mode you will be able to see in the Application logs what action it would have taken without potentially impacting current operations.
If you have a SIEM solution, it will be easy to query the logs to determine what the full impact would have been.
We can additionally provide a PowerShell script to parse the logs and display them in a graphical format.
Fast Password Audits with pwncheck®
pwncheck® (patent pending) is the simplest and quickest way to get an overview of how many users on your network are using compromised or weak passwords. We use the most comprehensive and authoritative collection of compromised passwords and pack it in a relatively small self-contained and encrypted binary file using the best algorithms currently available.
There are two main reasons to capitalise on this option:
- If you have custom requirements, we can create a custom build to match.
- If there is a custom bug reported then we can deliver a hotfix for you to apply outside of standard release cycles.
- With the Professional edition you have access to general availability builds, and applying only major releases will invariably lead to some delay in remediation.
Our Fuzzy Matching technology is heavily based on the Damerau–Levenshtein (DL) distance calculation and AI.
The DL distance is the number of character differences (insert, delete, substitution) you tolerate before recognising a match. Take for instance the word ‘banana’. If this word is in the custom dictionary, a user who enters this word will find it is blocked. If the user entered the word bananaS, a naive match would not block it, but safepass.me® will, as it contains the substring ‘banana’.
The Advanced Fuzzy matching allows you to tailor the match distance based on the length of the word itself. There is always a trade-off. For instance, if your password policy states all passwords should be eight characters long, and you set a distance of 8 characters, all passwords will be rejected and blocked. In other words, there is always a balancing act: match too fuzzily and the user can’t pick anything; match too exactly and the user can pick a password that is very similar to a breached password. The benefit of this option is that you need fewer words in your custom dictionary to match user passwords, and therefore you gain speed, dictionary size and convenience and ultimately, of course, security and peace of mind.
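The matching described above can be sketched as follows. This is an added example, not safepass.me® code: the function names, the length tiers in `allowed_distance` and the case-insensitive comparison are assumptions. Besides insert, delete and substitution, the Damerau–Levenshtein distance also counts a swap of two adjacent characters as one edit.

```python
from typing import Callable, Iterable, Optional, Tuple

def dl_distance(a: str, b: str) -> int:
    """Damerau-Levenshtein distance, restricted (optimal string alignment) variant."""
    prev2, prev = [], list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cur[j] = min(prev[j] + 1,               # delete ca
                         cur[j - 1] + 1,            # insert cb
                         prev[j - 1] + (ca != cb))  # substitute (free if equal)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)  # swap adjacent characters
        prev2, prev = prev, cur
    return prev[-1]

def allowed_distance(word: str) -> int:
    """Assumed tiers: tolerated edits grow with the dictionary word's length."""
    if len(word) < 5:
        return 0
    return 1 if len(word) < 9 else 2

def check(candidate: str, dictionary: Iterable[str],
          distance_for: Callable[[str], int] = allowed_distance
          ) -> Optional[Tuple[str, str]]:
    """Return (word, reason) if the candidate should be blocked, else None."""
    cand = candidate.lower()  # assumption: matching is case-insensitive
    for word in (w.lower() for w in dictionary):
        if word in cand:
            return word, "substring"
        if dl_distance(cand, word) <= distance_for(word):
            return word, "fuzzy"
    return None

if __name__ == "__main__":
    custom = ["banana"]  # constructed sample dictionary
    for pw in ["bananaS", "b4nana", "abnana", "Xq7!vLm2"]:
        print(pw, "->", check(pw, custom))
    # Fixed distance of 8 against an eight-character password: everything matches.
    print("Xq7!vLm2 ->", check("Xq7!vLm2", custom, distance_for=lambda w: 8))
```

The last call reproduces the trade-off in the text: with a fixed distance of 8, an unrelated eight-character password is still within range of ‘banana’ and is blocked.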
Professional vs Enterprise
When evaluating which edition to go for, it very much depends on the culture of security in your organisation, your appetite for risk and the balance between security and flexibility. This is something we understand well, having a demonstrated history of security testing and auditing.
The Professional edition has been architected to be secure, but not flexible. The Enterprise edition allows you to be more flexible and has custom features that in essence allow you to go against security best practices, e.g. whitelisting C-Level users who wish to bypass password policy enforcement.
The Enterprise level also unlocks the advanced support options, which are of value, particularly when it comes to implementation and integration, and which are not available for the Professional Edition.
We understand that many organisations operate in an agile space where flexibility is needed to drive innovation and security is regarded as something that disables it. We respect that, which is why we want to enable you and not stifle you.
If, however, your only driver is security, then we would recommend you pick the Professional Edition (which can’t be mis-configured, by design).