p/general Share and discuss tech, products, business, startups, or product recommendations

How do you prevent exposed or breached passwords from being used in your application?

•

4yr ago

As per the NIST800-63 special publication, we are expected to prevent exposed passwords or breached passwords from being used in our applications. Wonder if any one of us is making use of this and if yes, how?

Replies

Best

Vinh

Mailwip

You can make use of Haveibeenpawn database/api? https://haveibeenpwned.com/API/v...

Report

4yr ago

Devanand Premkumar

@kureikain That looks good for sure. Are you aware of any others offering such services?

Report

4yr ago

Jan Mazurek

I shall upvote to follow the subject

Report

4yr ago

Jim Zhou

A bit tedious for sure now that hashes.org is down, most of their solved passwords are available, according to their discord, at https://hash.lol which is really just a publicly available ipfs gateway to the files.

Report

4yr ago

Devanand Premkumar

Yes, looks like they are down for a couple of days in a row. Not sure what happened to that useful site of theirs. If given a choice, would you look out for other such services?

Report

4yr ago