Now that you have StrongBox it’s time to learn a few tricks on quickly finding and neutralizing password leaks before they burn anymore bandwidth.
Log into your StrongBox Admin, Click on Reports. We will be working with the “Site Activity Report”. You can use the activity report to monitor the smallest password leaks, often finding them before they fully get abused.
In the Activity Report menu modify the date to for the first week of the month. Depending on your member base, enter a higher number, 2000
normally does the trick for most people. Check the Successful logins only box, and then click Show Activity button.
Neat! Now check out the Countries column. Every displayed username shows the amount of country logins in the 5th column. Open a new browser/tab and open your StrongBox admin panel again. We will be checking the detailed logs (”Detail log for user”) for usernames with 2+ country logins. 98% of your country logins from 2+ or more locations are password leaks.
Grab a username with the highest amount of country logins, pretty much guaranteeing that it’s a leak. StrongBox may have blocked the IP’s and not the username, so only 2-3 countries may have logged in while others have failed to login. This example login report shows 2 USA logins, 2 other countries (3 total country logins for 4 people) then 3 more country logins that were already IP blocked from other attempts. This is clearly a password leak. (more…)
