Patent classifications
G06F21/46
SYSTEM AND METHODS FOR MINIMIZING ORGANIZATION RISK FROM USERS ASSOCIATED WITH A PASSWORD BREACH
System and methods are disclosed for organizations to run a test against an Active Directory list to see if any user-provided passwords have been part of an existing data breach. The results of such a test identify users whose weak, reused or shared passwords have been associated with an earlier breach. With this information, the organization can reduce risk by training staff on this specific issue in a timely and appropriate manner, significantly lowering the likelihood of a future breach by those identified users. Training can be customized and targeted at those users who attempt to use passwords that have been associated with a breach (either of their own account or of another account on the same or a related domain).
PASSWORD AUTHENTICATION APPARATUS, PASSWORD AUTHENTICATION METHOD, AND COMPUTER READABLE MEDIUM
A policy storage unit (105) stores a plurality of password policies each describing an approval requirement for a password used for authentication of a user, and each enabling the password to be approved as a legitimate password when the password conforms to at least one of the plurality of password policies. A policy extraction unit (100) extracts one or more password policies from among the plurality of password policies. An authentication-information acquisition unit (101) acquires authentication information including the password. A conformity determination unit (102) determines whether or not the password included in the authentication information conforms to at least one password policy among the one or more password policies. An authentication-information registration unit (103) registers the authentication information as registration information when the conformity determination unit (102) determines that the password conforms to at least one password policy.
System, Device, and Method of Generating and Utilizing One-Time Passwords
System, device, and method of generating and utilizing one-time passwords. A method generates a particular One-Time Password (OTP) string that is based on pre-defined OTP string construction rules. The particular OTP string is not a purely-random string; rather, the particular non-purely-random OTP string provides to a behavioral monitoring unit a capability to extract user-specific behavioral typing patterns from a way in which a user types characters of the particular OTP via a keyboard of an electronic device. The method sends the particular OTP string to the user; monitors the way that the user types the OTP string; extracts from the user interactions, that were performed while the user entered the OTP string, a user-specific behavioral typing characteristic; and based on that user-specific characteristic, determines whether that user is authenticated or non-authenticated, and optionally activates fraud mitigation operations or transaction blocking operations if the user is non-authenticated.
SECURE SHARING OF STAGE DATA OF A DATA EXCHANGE LISTING
Techniques for secure sharing of stage data include generating a listing in a first data exchange of a data provider. The listing includes stage data stored in a stage of the data provider and metadata associated with the stage data. A secure view of the listing is configured in a second data exchange based on posting the listing from the first data exchange to the second data exchange. The stage data is retrieved in response to a request from a client device to view the stage data received in the second data exchange. A security function is applied to the stage data to generate modified stage data. The modified stage data is stored at a second location in the stage. The metadata is updated to reference the second location in the stage.
SYSTEMS AND METHODS FOR USING MEDIA OBJECTS TO CREATE HIGH ENTROPY PASSWORDS
A method comprising using at least one hardware processor to present a collection of images; receive a selection of one of these collections; and present a second screen asking a user to pick a number of the images in the selected collection.
Private password constraint validation
Privately determining whether a password satisfies a constraint without divulging the password itself to the third party that evaluates the constraint, and without the third party even becoming aware of the result of the evaluation. After the user selects a password, private communication (e.g., private information retrieval) is used to determine whether the selected password satisfies the password constraints. For instance, the password might be encrypted (e.g., homomorphically), and the encrypted password together with a function definition (e.g., a homomorphic function definition) are then provided to the third party. The third party performs the function and returns an already encrypted result; it generates the encrypted result directly, without ever having access to the result in the clear. Upon receiving the encrypted result, the user's computing system may decrypt it to find out whether the password satisfies the constraints and is therefore sufficiently safe.