Snowflake Will Automatically Disable Passwords Detected on the Dark Web

Posted on by

Security has been an integral part of Snowflake’s platform since the company was founded. Through the security capabilities of Snowflake Horizon Catalog, we empower security admins and CISO’s to better protect their environments. As part of our continued efforts to help customers secure their accounts, and in line with our pledge to align with CISA’s Secure By Design principles, we are announcing the general availability of Snowflake Leaked Password Protection (LPP). This capability monitors and blocks passwords that have been discovered on the dark web. LPP provides a defense-in-depth mechanism that helps prevent unauthorized access to Snowflake accounts. 

LPP leverages data feeds on reported leaked passwords from industry-leading threat-intelligence providers. Snowflake then securely verifies whether the leaked password is still valid for the identified user. Our LPP system validates passwords for all users (human or service) in a privacy-preserving manner. Passwords are only handled in the memory of our automated systems and at no point do they persist at rest in cleartext, nor are they visible to any Snowflake employees.

Once a leaked password is confirmed to still be valid, LPP automatically disables the password for that user. The user will then need to contact their account administrator to get a reset password link which requires them to change their password on next sign-in, which will then be subject to the effective password policies on that account. We strongly recommend that admins turn on multi-factor authentication (MFA) (if the user is not a service user) and network policies immediately. LPP keeps the user and relevant administrators informed, via email, about any actions taken. 

While we continue to believe that MFA is the best protection for user accounts and we will continue to default to MFA for human users, LPP is an additional step toward helping our customers better secure their accounts by default. 

To learn more about how we are making the Snowflake platform more secure and the role of Snowflake Horizon Catalog, watch the BUILD 2024 “What’s New” session on demand.