How do you prevent exposed or breached passwords from being used in your application?

Devanand Premkumar
5 replies
As per the NIST800-63 special publication, we are expected to prevent exposed passwords or breached passwords from being used in our applications. Wonder if any one of us is making use of this and if yes, how?

Replies

Vinh
You can make use of Haveibeenpawn database/api? https://haveibeenpwned.com/API/v...
Devanand Premkumar
@kureikain That looks good for sure. Are you aware of any others offering such services?
Jim Zhou
A bit tedious for sure now that hashes.org is down, most of their solved passwords are available, according to their discord, at https://hash.lol which is really just a publicly available ipfs gateway to the files.
Devanand Premkumar
Yes, looks like they are down for a couple of days in a row. Not sure what happened to that useful site of theirs. If given a choice, would you look out for other such services?
Jan Mazurek
I shall upvote to follow the subject