Are you using a compromised password?
Have you been pwned?
There are currently well over 500 million passwords that hackers are known to have harvested from data breaches, some of them seen hundreds of times. The current best-practice standards for passwords, as published in 2017 by the U.S. National Institute of Standards and Technology, require that password choices not appear in lists of passwords known to be compromised. Does your password meet minimum quality standards, and is it in the compromised list? Find out here…
How this works
The submitted password will be run through two tests. The first checks things such as length, sequential and repeated characters, and whether the password appears in the ‘cracklib’ dictionary. The second is a lookup against a database containing the hashed values of passwords known to be compromised. To run these tests we will send the password over a secure connection to our server. Your entries will not be visible to anyone and are never saved in any form.
What does this mean?
If the hashed password is not found in the database then it is not currently known to have been compromised. As the ‘cracklib’ test checks the actual password against the dictionary, a failure means that this password should absolutely not be used. As many passwords have appeared in multiple data breaches, the results give an idea of the level of risk in using a given password.
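The two tests described under "How this works", and the breach count interpreted above, as an added example that is not this site's own code. SHA-1 as the hash, the thresholds, and the small dictionary and breach table (stand-ins for cracklib and the real database) are assumptions constructed for illustration.

```python
import hashlib

# Assumptions (not from the page): SHA-1 as the hash, the thresholds below,
# and these tiny constructed stand-ins for cracklib and the breach database.
MIN_LENGTH = 8
MAX_RUN = 3  # longest allowed repeated or sequential run
DICTIONARY = {"password", "letmein", "dragon"}
BREACHED = {  # constructed sample: SHA-1 hex digest -> times seen
    hashlib.sha1(b"password").hexdigest(): 1000,
    hashlib.sha1(b"Summer2017!").hexdigest(): 12,
}

def longest_run(pw, step):
    """Longest run in which each char is `step` code points after the previous."""
    best = run = 1 if pw else 0
    for prev, cur in zip(pw, pw[1:]):
        run = run + 1 if ord(cur) - ord(prev) == step else 1
        best = max(best, run)
    return best

def quality_failures(pw):
    """First test: length, repeated/sequential characters, dictionary word."""
    failures = []
    low = pw.lower()
    if len(pw) < MIN_LENGTH:
        failures.append("too short")
    if longest_run(pw, 0) > MAX_RUN:
        failures.append("repeated characters")
    if max(longest_run(low, 1), longest_run(low, -1)) > MAX_RUN:
        failures.append("sequential characters")
    if low in DICTIONARY:
        failures.append("dictionary word")
    return failures

def breach_count(pw):
    """Second test: hash lookup; 0 means not currently known to be compromised."""
    return BREACHED.get(hashlib.sha1(pw.encode("utf-8")).hexdigest(), 0)

def screen(pw):
    """Run both tests; a password is acceptable only if it passes both."""
    failures = quality_failures(pw)
    seen = breach_count(pw)
    return {"ok": not failures and seen == 0, "failures": failures, "times_seen": seen}

if __name__ == "__main__":
    for candidate in ["password", "Summer2017!", "aaaa1234x", "correct-horse-battery"]:
        print(candidate, screen(candidate))
```

A password can pass the quality test and still fail the breach lookup, as the constructed `Summer2017!` entry does, which is why both tests are run.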
What should I do?
If the password passed the tests then you don’t need to do anything; otherwise best-practice standards require that you select a different password. If your system uses Secure4Access, our identity, access and password manager solution, then you can relax, as these tests will have been performed and enforced on all password selections and changes.