US Patent 9998443 Retrospective discovery of shared credentials

A method for identifying a shared credential within a networked computing environment. The method includes a computer processor accessing information corresponding to an aggregated plurality of authentication events within a networked computing environment. The method further includes identifying one or more credentials that are associated with the aggregated plurality of authentication events. The method further includes analyzing a frequency of usage of a first credential that is included in the identified one or more credentials. The method further includes determining that the first credential is shared, based at least in part, on the analysis of the frequency of usage of the first credential in authentication events by one or more hosts, and information related to authentication events corresponding to the one or more hosts that utilize the credential in authentication events. The method further includes generating a report that identifies that the first credential is shared.