Leaked Passwords Check

As of NetSuite 25.2, the leaked passwords check was enhanced to cover more cases and provide more security for all NetSuite accounts. See the following for information about the leaked passwords check:

• NetSuite checks all passwords against a list of passwords that are leaked and potentially compromised.

  Previously, NetSuite only checked the password during their creation. As of NetSuite 25.2, passwords are checked during login, too.

• When you change your password, NetSuite doesn't allow you to choose a password that is in the list of compromised passwords. The check is triggered when you attempt to submit the password. This applies even if the password meets all the other security criteria.

  • If you use the same password elsewhere, it's best practice to change it to prevent potential breach.

  • Set up a unique password that you don't, or haven't previously used elsewhere.

• Important:

  If you see an error message in NetSuite saying that your password is in the list of compromised passwords, it doesn't mean that your account was breached.

  The leaked passwords check only informs you that the password you're using to log in to NetSuite is known to potential attackers. It is possible that you're using the same password to log in to other services that were recently attacked, and the password was compromised that way.

• NetSuite updates the leaked passwords database regularly to include newly compromised passwords.

Note:

The system also checks web store customer passwords during their creation but not during login. For more information, see Password Requirements for Customers.

Related Topics

• Change Password Link
• Creating a Strong Password
• Password Reset Tips for Administrators
• Password Requirements and Policies in NetSuite

General Notices