IntroductionMost data breaches are actually caused by password breaches. A password is known as a universal enabler of fraud: most users re-use the same password across all their accounts. Breach it once, use it multiple times. In theory, two-factor authentication & login fraud detection techniques can mitigate password breaches, but in practice they're inconvenient and users don't actually utilize them.Virgil Security has taken Pythia, designed by Adam Everspaugh and Rahul Chaterjee, University of Wisconsin–Madison; Samuel Scott, University of London; Ari Juels and Thomas Ristenpart, Cornell Tech, and built a cloud service that protects password databases in the most secure way possible.Breach-proof password - the most cryptographically protected user password. It allows developers to protect their user passwords if the database is stolen or compromised.Press here to read more about our solutionProblemIn standard password security implementation, passwords are hashed and stored in the user table. Even though hashing is a one-way transformation, there are techniques to reverse engineer them back to the original passwords: rainbow table attacks, brute-force & dictionary attacks.In advanced password security implementations, a random salt is added to the password before hashing. The problem is that this random salt has to be stored in the user table, so that the login function can verify the password. Obviously this is a security weakness.SolutionVirgil Security presents Pythia, a new technology that gives you a new, more secure mechanism that "breach-proofs" user passwords and lessens the security risks associated with weak passwords. With Pythia, passwords are no longer the weakest link in your system.Virgil Pythia protects users' passwords without having to know a user's identity, password or its hash. Virgil Pythia doesn't generate a new user password; it just makes a password cryptographically safer.You can easily integrate Virgil Pythia with your Server side. Pythia technology doesn't change a business logic of your digital solution and doesn't affect your authentication mechanism.Pythia detects online attacks and if Pythia or your user database is compromised, attackers still can't run offline attacks.You can quickly update a user's breach-proof password in the event someone compromises your database without having to create new user passwords, nor do you need to terminate work of your system.How it worksA user sends his or her password and login to your Application Server and you identify a user using your own authentication mechanism.Then you have to pass a user's password or its hash to Pythia SDK.Pythia SDK blinds a user's password.Then Pythia SDK sends a request to Pythia Service in order to receive a user's transformed blinded password.Pythia Service creates a transformed blinded password and sends it to your App Server.The Pythia SDK de-blinds the transformed blinded password on the App Server and get a deblinded password (breach-proof password).Then Pythia SDK compares this calculated user's breach-proof password with a value that is stored in your DB.So, you perform all operations under user's password on your App Server, thus Virgil Pythia protects users' passwords without having to know a user's identity, password or its hash. Pythia SDK blinds and de-blinds users passwords each time a user logs in, and a user won't even know it's happening. Technical details can be found in the Virgil Security Pythia white paper.Going through the tutorial you find the following expressions:ParameterDescriptionBlinded Passworda user's password that is hidden from Pythia Service with unique random number.Transformed Blinded Passworda blinded password, protected using Pythia Service data.Deblinded Passworduser's breach-proof password, that is a cryptographically the most protected.What Virgil provides for developersVirgil Pythia Service for storing & managing Pythia Application and its parameters.Virgil Pythia SDK which allows you to easily manage a Crypto Library and communicate with Virgil Services.Let's get started!