Leaked Passwords Check

As of NetSuite 25.2, the leaked passwords check was enhanced to cover more cases and provide more security for all NetSuite accounts. See the following for information about the leaked passwords check:

• NetSuite checks all passwords against a list of passwords that are leaked and potentially compromised.

  Previously, NetSuite only checked the password during their creation. As of NetSuite 25.2, passwords are checked during login, too.

• When you change your password, NetSuite doesn't allow you to choose a password that is in the list. The check is triggered when you attempt to submit the password. This applies even if the password meets all the other security criteria.

  • If you use the same password elsewhere, it's best practice to change it to prevent potential breach.

  • If your password is compromised, set up a unique password that you don't, or haven't previously used elsewhere.

• Important:

  If you see a message in NetSuite that your password is compromised, it doesn't mean that your account was breached.

  The leaked passwords check only informs you that the password you're using to log in to NetSuite is known to potential attackers. It is possible that you're using the same password to log in to other services that were recently attacked, and the password was compromised that way.

• NetSuite updates the leaked passwords database regularly to include newly compromised passwords.

Note:

The system also checks customer passwords during their creation but not during login.

Related Topics

• Change Password Link
• Creating a Strong Password
• Password Reset Tips for Administrators
• Password Requirements and Policies in NetSuite

General Notices