Why Check Passwords?

Any Enterprise is only as strong as its weakest link.

What is a Leaked Password?

Over the many hacks - from small to really sophisticated - there has been many hacks in the world, resulting in user authentication credentials are leaked. These leaks are released by hackers into different sites across the internet - and are usually called as - "Seclists". These are available in the internet for free download.

So why Check password?

Its a known fact that most people use the same password for most of the websites for e.g. their travel websites, banking, school or work portals. Once you use a a password which is already out there in Open Internet, it just becomes easier for hackers to simply test out all entries of hacked passwords from seclists -to programattically- check if they get lucky with any of them. It will be wise to not use any of these passwords, that are considered already leaked.

Is this the master database for all leaked passwords?

Well... No !
The purpose of this website is to try to make available as many "seclists" as we can from the (open) internet and then allow for integration with commercial portals, as an "additional security layer". This password inspector tool - is not- and may never be - the master-master of all the leaked passwords in the world, as there seem to be more hacks everyday. This should, however, give a fair amount of assurance to commercial businesses (if integrated) that the passwords that is being used is not "obviously" out there in Open. Quite similar to how an Antivirus would assure against most viruses.

If its not the most exhaustive database, then why bother integrating?

Firstly, its an additional security layer to have a password check for your Users against a known database. Secondly, this is quite similar to having an Antivirus software on your system, which will never be the most up-to-date, but will give a fair amount of assurance against most of the attack scenarios. In the real world, there will always be many other (zero day) attacks that would surface from time to time.

Can this capability be improved - under request?

Yes, we are a niche tech organization always exploring in creating amazing solutions. Just reach out and we would be delighted to discuss further.

Want to Integrate your System with this PIN API ?

To integrate with this API, you will need a API key. Please do connect with us via email to [email protected] for any integration queries.

Disclaimer

Doing this check does not make your system completely secure. This API check is one of the additional layers of security that you may add to your system. In order to achieve greater security of your systems, it is recommended to add multiple layers of security at every layer of the business - application, network, system, hardware, people and processes. This check of your user's passwords against already leaked passwords at realtime, will give greater assurance at "User Access Security" in your security layers. We attempt to keep the password store updated regularly, though this is not (and may never will be) the complete list of all leaked passwords available in the internet, as the complete list is a moving target, with more and more systems being hacked and more and more user passwords being exposed almost every day.