At Snowflake

Snowflake Will Automatically Disable Leaked Passwords Detected on the Dark Web

Photo illustration of a woman wearing glasses with code superimposed around her and the BUILD 2024 icon on a blue bar at the bottom

Security has been an integral part of Snowflake’s platform since the company was founded. Through the security capabilities of Snowflake Horizon Catalog, we empower security admins and CISO’s to better protect their environments. As part of our continued efforts to help customers secure their accounts, and in line with our pledge to align with CISA’s Secure By Design principles, we are announcing the general availability of Snowflake Leaked Password Protection (LPP). This capability monitors and blocks passwords that have been discovered on the dark web. LPP provides a defense-in-depth mechanism that helps prevent unauthorized access to Snowflake accounts. 

LPP leverages data feeds on reported leaked passwords from industry-leading threat-intelligence providers. Snowflake then securely verifies whether the leaked password is still valid for the identified user. Our LPP system validates passwords for all users (human or service) in a privacy-preserving manner. Passwords are only handled in the memory of our automated systems and at no point do they persist at rest in cleartext, nor are they visible to any Snowflake employees.

Once a leaked password is confirmed to still be valid, LPP automatically disables the password for that user. The user will then need to contact their account administrator to get a reset password link which requires them to change their password on next sign-in, which will then be subject to the effective password policies on that account. We strongly recommend that admins turn on multi-factor authentication (MFA) (if the user is not a service user) and network policies immediately. LPP keeps the user and relevant administrators informed, via email, about any actions taken. 

While we continue to believe that MFA is the best protection for user accounts and we will continue to default to MFA for human users, LPP is an additional step toward helping our customers better secure their accounts by default. 

To learn more about how we are making the Snowflake platform more secure and the role of Snowflake Horizon Catalog, watch the BUILD 2024 “What’s New” session on demand.

 

Woman using computer
Virtual Hands-On Lab

Unify Your Governance Strategy with Snowflake Horizon Catalog

Join Snowflake experts as they walk you through how to classify and apply granular policies to sensitive data, monitor data quality, and discover data, apps and more using Snowflake Horizon Catalog.
Share Article

Subscribe to our blog newsletter

Get the best, coolest and latest delivered to your inbox each week

Start your 30-DayFree Trial

Try Snowflake free for 30 days and experience the AI Data Cloud that helps eliminate the complexity, cost and constraints inherent with other solutions.