Share via


User login credentials

This SIT is also included in the All credentials bundled SIT.

Format

A paired username and password used in general authentication process.

or

A paired username and password used in PuTTY connection manager.

or

Plain text password used in code snippets.

or

A combination of 88 characters consisting of letters, digits, and special characters.

Pattern

Various username and password formats, for example:

username=...;password=********;
user id=...;password=********;
uid=...;pwd=********;
DB_USER=...;DB_PASS=********;
Service Account=...;Password=********;

or

An XML element <login>
An embeded XML element <login>
Inner XML content
An embeded XML element </login>
An embeded XML element <password>
Inner XML content
An embeded XML element </password>
An XML element </login>

for example

<login> <login>ZYXWVU_1</login> <password>ZY…

or

Various password formats in code snippets, for example:

new X509Certificates2(
ConvertTo-SecureString -String ********
password = "********"
"password" : "********"
UserPasswordCredential(

or

A combination of 86 characters:

  • a-z (not case-sensitive)
  • 0-9
  • forward slashes (/)
  • or plus signs (+)
  • ends with two equal signs (=)

for example:

abcdefghijklmnopqrstuvwxyz0123456789/+ABCDEabcdefghijklmnopqrstuvwxyz0123456789/+ABCDE==

Credential example

Confidence Band Example
High initial catalog=host_name;database=db_name;uid=user_name;password=ZYXWVU_2;
Medium user=user_name;password=ZYXWVU_2
Low N/A

Checksum

No

SITs that have checksums use a unique calculation to check if the information is valid. This means when the Checksum value is Yes, the service can make a positive detection based on the sensitive data alone. When the Checksum value is No additional (secondary) elements must also be detected for the service to make a positive detection.

Keyword Highlighting

Supported

When keyword highlighting is supported in the contextual summary for a sensitive information type or a trainable classifier, in the Contextual Summary view of activity explorer, the keywords in a document that were matched to a policy are highlighted.

Definition

This SIT is designed to match the security information that's used in general user login process.

It uses several primary resources:

  • Patterns of Plain-text username and password.
  • Patterns of Plain-text username and password in PuTTYcm database file.
  • Patterns of Password context in code.
  • Patterns of Base64 encoded 512 bits symmetric key.
  • Patterns of CredentialName, CredentialFeatures, AccountIdentityName, AccountIdentityValue, ResourceType, ResourceName, Id, AccountName.
  • Patterns of mockup values, redactions, and placeholders.
  • A dictionary of vocabulary.

The patterns are designed to match actual credentials with reasonable confidence. The patterns don't match credentials formatted as examples. Mockup values, redacted values, and placeholders, like credential type or usage descriptions, in the position where an actual secret value should present won't be matched.

Keywords

Keyword_LoginCredentials:

  • password
  • pw
  • DB_

Keyword_LoginCredentialsPutty:

  • login

Keyword_PasswordContextInCode:

  • key
  • x509c
  • credential
  • password
  • pw
  • securestring

Keyword_SymmetricKey512:

  • SharedAccessKey
  • AccountKey