Real-time Password Blacklist
( No Credit Card Required )
The service is easy to implement with a wizard-based Easy Install for Windows, a one-page Quick Start Guide and understandable API documentation
Citrix was Penetrated Years Ago- Software-company Citrix was penetrated by attackers that successfully carried out a credential stuffing / password spray attack. The attackers went unnoticed for years because once an attacker knows a correct credential, the attacker's authentication looks just like the real, end-user's authentication. Password RBL addresses this style attack and many others.
NIST Recommends Password Blacklisting - The National Institute for Standards and Technology has released an update for their Digital Authentication Guidelines in NIST Special Publication 800-63-3. NIST now recommends that organizations employ a Password Blacklist to prevent the use of known bad choices. Password RBL is exactly what you need - a curated list of all these known bad passwords - and it's simple to deploy and use. Learn more here.
Largest Data Breach Collection found - The largest (so far) data breach corpus has been discovered online. It contains 773 million records and 22 million unique password permutations. But this is not new breach date. This collection is comprised of many previous breaches. Password RBL has over 75 million password permutations in its curated blacklist and protects against breach data exactly like this. Subscribe to Password RBL and say goodbye to bad passwords.
The LowLevel04 RansomWare Spreads by Exploiting Weak Passwords- Ransomware is a big problem for businesses- it encrypts your data files until you pay a "ransom" costing thousands in bitcoin and lost productivity. This specific variant, dubbed LowLevel04, spreads by brute-forcing weak passwords via Microsoft Remote Desktop / Terminal Services connections. Many businesses use Remote Desktop for remote employee access to corporate resources. Yet another reason to use Password Firewall for Windows!
Redirect-to-SMB Vulnerability Exposes User Passwords- This bug reported is a new take on an issue discovered in 1997 and garnered alot of attention at DEFCON 24. All versions of Windows and many common applications are vulnerable. This vulnerability works by using a standard HTTP redirect, but the victim is redirected to a malicious SMB server. Since Windows automatically attempts authentication by design, it sends the victim's hashed credentials to the SMB server. If the victim's password is simplistic or common, then it's easily cracked. Subscribe today and prevent bad passwords before they happen!
We use only industry standard algorithms & have a zero-logging policy. Our double-blind hashed password submission is also protected by TLS.
One subscription covers access to the API. You choose if you want to protect Active Directory, your site, your app or all of them!.
All the passwords in our system have been vetted by a real person. We don't use any automated methods to build our password database.