In August 2017, NIST released guidance specifically recommending that user-provided passwords be checked against existing data breaches. I know SSPR has the ability to add a wordlist via a URL, and that wordlist gets imported into the localDB at service reboot. The recommended wordlist contains over 551 million words. The words are hashed and listed one per line with the number of times they appeared in a breach. SSPR expects one plain text word per line, so I cannot use this wordlist.

I would like to request the ability to call a web service to check against an external database of compromised passwords. The API is located here: https://haveibeenpwned.com/API/v2
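A sketch of the kind of check being requested, added here as an illustration; it is not part of the original request and not SSPR code. It assumes the Pwned Passwords range lookup (SHA-1, first five hex characters sent, `SUFFIX:COUNT` lines returned), and the function names, the stand-in service and the counts are constructed for the example.

```python
import hashlib


def sha1_hex(password):
    """Uppercase hex SHA-1, the form used in the hashed breach list."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def parse_range_body(body):
    """Parse 'SUFFIX:COUNT' lines, skipping anything malformed."""
    counts = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if not sep or len(suffix) != 35 or not count.isdigit():
            continue
        counts[suffix.upper()] = int(count)
    return counts


def breach_count(password, fetch_range):
    """Return how often the password appears in the breach data.

    fetch_range(prefix) is a caller-supplied function (hypothetical name)
    that returns the service's response body for a 5-character hash prefix.
    Only that prefix leaves the process, never the password or full hash.
    """
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    return parse_range_body(fetch_range(prefix)).get(suffix, 0)


def make_constructed_service(breached):
    """Offline stand-in for the web service, built from constructed data."""
    table = {sha1_hex(pw): n for pw, n in breached.items()}
    seen_prefixes = []

    def fetch_range(prefix):
        seen_prefixes.append(prefix)
        rows = [f"{h[5:]}:{n}" for h, n in table.items() if h.startswith(prefix)]
        return "\r\n".join(rows)

    return fetch_range, seen_prefixes


if __name__ == "__main__":
    # Constructed sample data: passwords and counts are made up for the demo.
    fetch, seen = make_constructed_service({"password": 3730471, "hunter2": 17043})
    for candidate in ("password", "correct horse battery staple x9"):
        n = breach_count(candidate, fetch)
        print(candidate, "rejected" if n else "accepted", n)
    print("prefixes sent:", seen)
```

In a real deployment `fetch_range` would be an HTTPS GET, and a failed lookup needs an explicit policy (reject, or accept and log) instead of silently passing the password.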

Comments