Jump to content
Sign in to follow this  
bcloud

PasswordState compatibility with Pwnage check?

Recommended Posts

After ArsTechnica's release of this article (https://arstechnica.com/information-technology/2018/02/new-tool-safely-checks-your-passwords-against-a-half-billion-pwned-passwords/) has caused my manager to ask if PasswordState would be getting support for a security check comparable to what is available through https://haveibeenpwned.com/

 

This seems like it could be a pretty good idea. 

Share this post


Link to post
Share on other sites

Hi bcloud,

 

Thanks very much for your suggestion, and we have had a couple of request for this in the past. Once we've finished the new remote session launcher feature, we'll take a look to see what's involved.

Thanks again for the suggestion.

 

Regards

Click Studios

Share this post


Link to post
Share on other sites

Hi support,

 

It's quite simple. I hacked it into an open source Active Directory password filter I work on from time to time over a case of beer last night.

 

If you are also using C#, you may find my implementation a useful starting point, or more likely - an example of exactly how not to do it. :)

 

It's a little rough because I'm a secadmin with a coding habit, and well, the beer, but you are welcome to it: 

 

https://github.com/brockrob/OpenPasswordFilter/blob/master/OPFService/PwnedPasswordsAPI.cs

 

Regards,

Rob

Share this post


Link to post
Share on other sites

Hey Everyone,

 

We should have reported back here some time ago, but we now do have integration with have I been Pwned.  You'll find this option under the Bad Passwords section of the Admin area.  Hopefully you have already heard about this and sorry for not reporting back to this thread when we first introduced this feature.

 

Support.

Share this post


Link to post
Share on other sites
Sign in to follow this  

×
×
  • Create New...