
The service is easy to implement with a wizard-based Easy Install for Windows, a one-page Quick Start Guide and understandable API documentation.

  • Password Firewall for Windows v6.5 Now Available - The latest release of Password Firewall for Windows is available for download.  This version adds the ability to query the Pwned Passwords blacklist database in addition to the Password RBL curated blacklist and your own custom blacklist.  Visit the downloads page to get it.
  • API v3.3 Released - We have updated our API to version 3.30.  This upgrade adds a new API method to query the Password RBL metrics associated with a specified Tracking ID.  Read all about it in the latest API Guide available on the downloads page.
  • GDPR Compliance - Our Terms of Service and Privacy Policy include language that shows how we are compliant with GDPR.  The spirit of our terms and privacy policy remains the same, since we were already compliant with GDPR.  We just clarified some language.
  • Check service status - You can always view the status of the Password RBL service using our status page or directly via: https://status.passwordrbl.com
  • Referral Program - Know someone who could benefit from better passwords?  We bet you do!  Refer them to Password RBL and we'll give you both a free month (or a $100 credit, whichever is less).  And there's no limit to the number of referral bonuses you can get!  Additional details here.
  • Just a note regarding transport security - We just want to let you know that all connections to our API server are secured with modern protocols and ciphers.  Our API only allows TLS connections, so no need to worry about the recent SSL vulnerabilities.  Read More

Announcements About the Service

  • Iranian Hackers Conducting Password Spray Attacks - As reported by Ars Technica, Iranian hacking groups are conducting widespread "Password Spray" attacks in response to the killing of Iranian General Qassem Soleimani.  Password RBL's bad password blacklisting service protects against this type of attack, and more.  Sign up today!  It's super easy to deploy and use, and subscriptions are inexpensive, too.

  • Citrix was Penetrated & Hackers had Access for Months - Software company Citrix was penetrated by attackers that successfully carried out a credential stuffing / password spray attack.  The attackers went unnoticed for months because once an attacker knows a correct credential, the attacker's authentication looks just like the real end user's authentication.  Password RBL bad password blacklisting directly addresses this style of attack and many others.

  • NIST Recommends Password Blacklisting - The National Institute for Standards and Technology has released an update for their Digital Authentication Guidelines in NIST Special Publication 800-63-3.  NIST now recommends that organizations employ a Password Blacklist to prevent the use of known bad choices.  Password RBL is exactly what you need - a curated list of all these known bad passwords - and it's simple to deploy and use.  Learn more here.

  • Largest Data Breach Collection Found - The largest (so far) data breach corpus has been discovered online.  It contains 773 million records and 22 million unique password permutations.  But this is not new breach data.  This collection is composed of many previous breaches.  Password RBL has over 3 times as many unique password permutations in its curated blacklist and protects against breach data exactly like this.  Subscribe to Password RBL and say goodbye to bad passwords.

  • The LowLevel04 Ransomware Spreads by Exploiting Weak Passwords - Ransomware is a big problem for businesses: it encrypts your data files until you pay a "ransom", costing thousands in bitcoin and lost productivity.  This specific variant, dubbed LowLevel04, spreads by brute-forcing weak passwords via Microsoft Remote Desktop / Terminal Services connections.  Many businesses use Remote Desktop for remote employee access to corporate resources.  Yet another reason to use Password Firewall for Windows!

Password Security In The News

There are millions of passwords that meet company password policies, but are bad choices because hackers know these common passwords, too.  They have databases filled with these bad passwords and actively use them to break into business networks across the globe.

It has become very common to hear about data breaches or leaks of customer data at large companies that lead to millions of leaked credentials or identity data points, but data breaches happen at smaller businesses even more often.

Password RBL was created to give organizations of all sizes a simple and effective way to fight back against these attacks.

Why Use Password RBL

Password RBL is a password blacklist for Active Directory, web sites or apps that keeps the bad, crackable passwords from being used on your network.  Eliminating these bad passwords is a great step towards securing your business systems and data.  You can easily add Password RBL password blacklisting to your Active Directory using Password Firewall for Windows, or implement the API from your website or app.

Your business and proprietary data need protection from unauthorized access.  Subscribing to the Password RBL service is an easy and effective way to protect your Active Directory, web sites and apps.  It's easy to implement and inexpensive, too!

What Is Password RBL

We use only industry standard algorithms & have a zero-logging policy.  Our double-blind hashed password submission is also protected by TLS.

One subscription covers access to the API.  You choose if you want to protect Active Directory, your site, your app or all of them!



layers of



One-Page Guide

All the passwords in our system have been vetted by a real person.  We don't use any automated methods to build our password database.

High Quality


Prevent bad passwords before they happen!

Real-time Password Blacklist