NIST Recommends Password Blacklisting - The National Institute for Standards and Technology will soon be releasing an update for their Digital Authentication Guidelines in NIST Special Publication 800-63-3. In it they are now recommending that companies employ a Password Blacklist to prevent the use of known bad choices. Password RBL is exactly what you need - a curated list of all these known bad passwords - and it's simple to deploy and use. Learn more here.
GitHub, GoToMyPC, latest sites hit with password attacks following huge credential breach - Since the recent for-sale posting of credential databases for LinkedIn, Tumblr, MySpace and more, many websites are seeing an increase in password attacks using the information gained from these credential databases. Password RBL can help prevent attacks exactly like this.
The LowLevel04 RansomWare Spreads by Exploiting Weak Passwords - Ransomware is a big problem for businesses: it encrypts your data files until you pay a "ransom", costing thousands in bitcoin and lost productivity. This specific variant, dubbed LowLevel04, spreads by brute-forcing weak passwords via Microsoft Remote Desktop / Terminal Services connections. Many businesses use Remote Desktop for remote employee access to corporate resources. Yet another reason to use Password Firewall for Windows!
Starbucks Hacked? No, But You May Be - The Starbucks online account system was not hacked or breached. Instead, hackers used known bad passwords to gain unauthorized access to individual customer accounts. This allowed the hackers to drain the individuals' accounts as well as transfer in more money from their linked bank account and order themselves Starbucks gift cards (likely to be resold online). If Starbucks subscribed to Password RBL and enforced the use of strong passwords, this attack could have been thwarted.
Redirect-to-SMB Vulnerability Exposes User Passwords - This reported bug is a new take on an issue discovered in 1997, and it garnered a lot of attention at DEFCON 24. All versions of Windows and many common applications are vulnerable. This vulnerability works by using a standard HTTP redirect, but the victim is redirected to a malicious SMB server. Since Windows automatically attempts authentication by design, it sends the victim's hashed credentials to the SMB server. If the victim's password is simplistic or common, then it's easily cracked. Subscribe today and prevent bad passwords before they happen!
One subscription covers access to the API. You choose if you want to protect Active Directory, your site, your app or all of them!
(No Credit Card Required)
The service is easy to implement with a wizard-based Easy Install for Windows, a one-page Quick Start Guide and understandable API documentation.
We use only industry standard algorithms & have a zero-logging policy. Our double-blind hashed password submission is also protected by TLS.
All the passwords in our system have been vetted by a real person. We don't use any automated methods to build our password database.
Real-time Password Blacklist