Passwordstate integration with Have I Been Pwned

If you are unfamiliar with Have I Been Pwned, it’s a website created by Troy Hunt that allows users to check whether the passwords they use have been compromised due to a data breach. If you wanted to check out Troy’s website to see how it works, please follow this link:

Passwordstate is now fully integrated with this online repository, and I’ll explain below the new tools and settings that we have in our software that works together with the Have I Been Pwned website.

You must be on Passwordstate version 8600 or higher to take advantage of these features.

First of the new features can be found under Tools -> Have I Been Pwned Password Check

This screen will allow you to manually enter any password you like, and see if it is a known compromised password in Troy’s database. If you need to think of a good strong password to use for a website for example, this tool will help you decide which password you should use.

Next, if you look under the Administration -> Bad Passwords tab, you can configure your system to use the Have I Been Pwned repository for your own Bad Passwords:

What this means is by default, any time someone adds, or updates a password in Passwordstate, it will do a check against Troy’s website first before allowing you to save it. If that online check finds that the password is ‘Pwned’, then the user will be informed they will need to choose a different password and will have to try to save it again.

As Have I Been Pwned has millions of passwords, using one that is compromised only once or twice for example might not be such a bad thing. It’s really the very common and simple passwords that users should be discouraged from using. For this reason, you can instead simply warn your Passwordstate users that the password resides in Troy’s database, and they should consider changing it to a different one.

If you’d like to turn o this warning instead of denying the users from saving the password, then edit your Password List and deselect this Bad Passwords option:

When a user is adding a new password, or updating an existing one, they will also have this new icon that will allow the m to quickly check the Have I Been Pwned status:

Next, we have an all new report which you can find under Administration -> Reporting called Have I Been Pwned Compromises:

Running this report will check every single shared password in your system against Have I Been Pwned, and will list any passwords that you should change.

If you just wanted to run this report against a single Password List instead of your entire Passwordstate database, then select your Password List, click List administrator Actions and then run the report from here:

Also, you can run this Have I Been Pwned report from our API. You find examples under Help -> Web API Documentation.

If you want to watch a video of this, we have this available on Youtube here:


Import Passwords from Thycotic Secret Server into Passwordstate

With the use of the Passwordstate API, it's possible to import Secret Server data using the XML export option Thycotic provide. The following documentation has been tested using Secret Server version 10.5.000003, and it would be unlikely Thycotic's … [Continue reading]

Import Passwords from KeePass into Passwordstate

We are updating this blog in July 2018, as we've now got a new process for importing KeePass data into Passwordstate.  This process was supplied to us by one of our customers called Fabian Näf from Switzerland, and we'd like to thank him for his … [Continue reading]

What’s New in Passwordstate Version 8

Click Studios is very happy to announce the release of Version 8 of Passwordstate, for which we have been working on for the past 12 months. Version 8 comes with two new major modules, and many new improvements to our Password Management platform. … [Continue reading]

Passwordstate Build 7580 New Features

In build 7580 of Passwordstate, we've introduced a few new features, most noticeably many changes in how encryption now works. Below is a summary of the more notable changes and features. Encryption Changes In consultation with an external … [Continue reading]

Password Management – Best Way To Secure Passwords

Has there ever been a time in your life that you couldn’t for the life of you recall a password? If remembering the seemingly countless amounts of passwords correctly is a problem, then you need to make use of Passwordstate, a revolutionary password … [Continue reading]

Password Management Best Practices

There is no guarantee that one person will stay in the same job forever. Opportunities arise and employees shift from job to job all the time. When this happens in a managed service business, technicians who move to a new company will also be taking … [Continue reading]

What You Should Look Into When Choosing A Password Manager

There are many security experts who feel that simply choosing a password with alphanumeric letters and special characters is not enough to keep internet infrastructure protected. On top of that, many users choose the same password for all their … [Continue reading]

Why Role Based Access Control is Crucial to Your Organisational Security

In today’s modern workplace, most if not all important documents, information and sensitive data is kept on a computer system, readily accessed at any point in time. While this offers a convenient way to store and retrieve files, a lack of role based … [Continue reading]