safepass.me comes in two versions: Professional and Enterprise. There is also a Home version which is free for personal use.The primary difference between the two is that the Professional version is suitable as a plug and play way of protecting your users from entering compromised and weak passwords, comes in a secure default configuration and cannot be tampered with to disable any of its security mechanisms.The Enterprise edition has more flexible configuration options as well as a rich roadmap of enterprise features.The table below enumerated the difference in features between the two versions.
|Released version + Standard Product Updates|
|Multi Domain Licensing|
|Engineering build - bespoke custom requirements|
|Dry Run Mode|
|Access to detailed all versions of the product (rollback to any version)|
|password audits with pwncheck||Limited||Unlimited|
pwncheck™ (patent pending) is the simplest and quickest way to get an overview of how many users on your network
are using compromised or weak passwords.
We use the most comprehensive and authoritative collection of compromised passwords and pack it in a relatively small self-contained and encrypted binary file using the best algorithms currently available.
Dry Run mode is the ability to test safepass.me in a live environment without it actually taking any action. By configuring safepass.me in Dry Run mode you will be able to see in the Application logs what action it would have taken without potentially impacting current operations. If you have SIEM solution it will be easy to query the logs to determine what the full impact would have been. We can additionally provide some Powershell script to parse the logs and display them in a graphical format.
There are two main reasons to capitalise on this option:
Our Fuzzy Matching technology is heavily based on the Damerau–Levenshtein (DL) distance calculation and AI.
The Professional edition (Basic) is set so that if less than three permutations are required to match a word from the list, the attempt will be blocked.
The DL distance is how many characters difference (insert, delete, substitution) you tolerate before recognising a match. Take for instance the word ‘banana’. If this word is in the custom dictionary, a user who enters this word will find it is blocked. If the user entered the word bananaS, a naive match would not block it, but safepass.me will as it contains the substring ‘banana’. The Professional edition will also match anything that matches to 3 characters difference i.e. instead of an a, @, or if there is an ! at the end of the word.
The Advanced Fuzzy matching allows you to tailor the match distance based on the length of the word itself. There is always a trade-off. For instance, if your password policy states all passwords should be 8 characters long, and you set a distance of 8 characters, all passwords will be rejected and blocked. In other words there is always a balancing act - match too fuzzily and the user can’t pick anything, match too loosely and the user can pick a password that is very similar to a breached password. The benefit of this option is that you need less words in your custom dictionary to match user passwords, and therefore you gain speed, dictionary size and convenience and ultimately of course, security and peace of mind!
When evaluating which edition to go for, it very much depends on the culture of security in your organisation, your appetite for risk, and the balance between security and flexibility. This is something we understand well, having a demonstrated history of security testing and auditing.
The Professional edition has been architected to be secure, but not flexible. The Enterprise edition allows you to be more flexible and has custom features that in essence allow you to go against security best-practices - i.e. white listing users such as C-Level who wish to bypass password policy enforcement.
The Enterprise level also unlocks the advanced support options, which are of value, particularly when it comes to implementation and integration, and which are not available for the Professional Edition.
We understand that many organisations operate in an agile space where there is a need for flexibility to drive innovation, and regard security as something that disables it, and we respect it which is why we want to enable you and not stifle you.
If however your only driver is security, then we would recommend you pick the Professional Edition (which can't be mis-configured, by design).