Are you using a compromised password?
Have you been pwned??
There are currently well over 800 million passwords that hackers are known to have harvested from data breaches, some of them having been seen hundreds of times. The current best practices standards for passwords as published in 2017 by the U.S. National Institute of Standards and Technology requires that password choices should not appear in lists of known to be compromised passwords. Does your password meet minimum quality standards and is it in the compromised list? Run our compromised password tester to find out…
Our compromised password tester
The submitted password will be run through two tests, the first checks things such as length, sequential and repeated characters and whether the password appears in the ‘cracklib’ dictionary. The second is against a database containing the hashed values of known to be compromised passwords. To run these test we will send the password over a secure connection to our server. Your entries will not be visible to anyone and are never saved in any form.
What does this mean?
If the hashed password is not found in the database then it is unlikely to have been compromised. As the ‘cracklib’ test checks the actual password against the dictionary, a failure means that this password should absolutely not be used. As many passwords have appeared in multiple data breaches, the results give an idea of the level of risk in using a given password.
What should I do?
If the password failed the test then best practices standards requires that you select a different password. If it did not fail then it has probably not been compromised but there are no guarantees as the tested database almost certainly does not include all breached passwords. If your system uses Secure4Access, our identity, access and password manager solution, then you can relax as this compromised password tester has been run and enforced on all password selections and changes.