Password RBL adds Pwned Passwords database

Password RBL expands its password blacklisting service by adding Pwned Passwords blacklist database.

Password RBL has extended its bad password blacklisting service to include the Pwned Passwords blacklist in addition to Password RBL’s own highly curated blacklist that it has continually developed for years.  This new feature adds over 500 million passwords to the blacklisting service and is now available to all customers who want even more protection from bad passwords.  Customers can simultaneously query Password RBL’s highly-curated blacklist, their own custom blacklist, and now the Pwned Passwords blacklist, too.

Bad passwords have plagued organizations for decades, and reported data breaches have increased in recent years.  These breaches commonly exfiltrate the credential database, providing hackers with passwords to use in attacks on other organizations.  Credential stuffing and password spray attacks are becoming more common due to the large number of known breached passwords.  IT departments have tried to coach users into choosing complex passwords and employed the use of password policies, but password policies cannot solve this growing problem on their own.  Password blacklisting is a perfect supplement to existing password policies.

Password blacklisting blocks the millions of bad passwords that meet common password policies.  This is why the National Institute for Standards and Technology (NIST) in the United States has recommended employing the use of a password blacklist in their latest authentication guidelines.  The National Cyber Security Centre (NCSC) in United Kingdom also makes this recommendation.  Password blacklisting is an easy and effective way to combat password reuse and just plain bad passwords.

Password RBL’s blacklisting service includes direct API access and Password Firewall for Windows, an extremely lightweight software solution that only needs to be installed on Domain Controllers and does not require end-users or IT staff to learn anything new.  These features make it incredibly easy to add password blacklisting to any existing Windows network.

Password RBL, founded in 2013, provides affordable and easy to use password blacklisting solutions.  The company slogan is “Prevent Bad Passwords Before They Happen” because their solutions prevent the use of bad passwords that hackers use to gain unauthorized access to networks across the globe.  They consolidate passwords by analyzing hacker tools, running honeypot servers, and scouring the web for leaked credential databases from data breaches.

Subscriptions to the service start at just $15.00 (USD) per month for small-medium businesses.  Larger organizations can request a quote.