Security

What information is sent to the Enzoic servers?
Enzoic for Active Directory uses a partial hash comparison approach through Enzoic’s Password API. This allows you to check whether a given password is know...
Fri, 11 Jun, 2021 at 6:24 PM
Is any customer data stored by Enzoic servers?
No. Customer data is not stored by Enzoic. The partial hash sent to the Enzoic server is kept in memory only long enough to perform the database lookup and ...
Fri, 11 Jun, 2021 at 6:24 PM
How long are you storing our data in your cloud?
No customer data is stored by Enzoic. The partial hash sent to the Enzoic server is kept in memory only long enough to perform the database lookup and then ...
Wed, 24 Nov, 2021 at 12:12 PM
Does Enzoic send the full password hash to the cloud for comparison?
No. When a user password change is received by the LSA, it notifies Enzoic’s Password Filter DLL. The Enzoic Service connects via HTTPS to the Enzoic Cloud ...
Wed, 24 Nov, 2021 at 12:01 PM
What does checking NIST 800-63b compliance under Settings actually do?
One of the questions we get quite often is: "When going through the Settings -> Other Settings, we see a check box for 'Ensure NIST 800-63b Com...
Mon, 18 Oct, 2021 at 3:56 PM
Security Overview
Here is a sampling of just some of the measures that we take to ensure the security and integrity of our offering. Our cloud-based infrastructure is hos...
Wed, 10 Nov, 2021 at 3:22 PM
Is there a risk that someone could figure out the password sent to the Cloud?
 No. Only the first 10 characters of the password hash are sent to the Cloud over an HTTPs connection. We do this so even if you are hit with a man in the m...
Wed, 24 Nov, 2021 at 12:06 PM
Is the Enzoic API call to the Cloud encrypted?
Yes. The call is sent over HTTPs and is encrypted by SSL. 
Wed, 24 Nov, 2021 at 12:08 PM
How do you know what the password is if you’re only using the partial hash?
We have the full password cached locally on the AD server as an encrypted hash. We are only sending the first 10 characters of the hash to the cloud. It is ...
Wed, 24 Nov, 2021 at 12:10 PM
Is it possible to see the hash of a compromised password?
No. Enzoic does not allow our backend to be queried, and we do not make compromised hashes available on DC's to be viewed.
Thu, 25 Aug, 2022 at 9:50 AM