Utilize the HIBP API

by jproctor 02-27-2018 11:10 AM

I'd love to see this API integrated with Centrify to make everyone a lot more secure:

https://haveibeenpwned.com/API/v2

Here is an example of a recent integration and how I think it would work best. https://blog.bittylicious.com/2018/02/have-i-been-pwned/

For each user that newly logs in, Bittylicious will interrogate with the service to determine whether the password being used by the Bittylicious user is one that is commonly used and has been listed in one of many breaches. This means that from now onwards:

  • Users will not be able to change their password to one that is very well known, i.e. used regularly by many others and appears in multiple lists.
  • Privileged users (brokers and administrators) will not be able to use the service if their password is in any single list at all; the password will need to be changed before the service can be used.
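
An added example, not part of the original post and not Bittylicious or Centrify code: a sketch of the two-tier check quoted above, using the Pwned Passwords range lookup, where only the first five hex characters of the password's SHA-1 are sent and the response lists `SUFFIX:COUNT` lines. The threshold, the sample corpus and the `fake_range_api` stand-in for the network call are assumptions constructed for illustration.

```python
import hashlib

# Assumed threshold (not from the post): sightings that make a password "very well known".
COMMON_THRESHOLD = 1000

# Constructed sample data standing in for the breach corpus: password -> sightings.
SAMPLE_CORPUS = {"password1": 2_400_000, "Tr0ub4dor&3": 3}


def split_hash(password):
    """Return (prefix, suffix) of the uppercase SHA-1; only the prefix leaves the server."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def fake_range_api(prefix):
    """Offline stand-in for GET https://api.pwnedpasswords.com/range/<prefix>."""
    lines = ["0" * 35 + ":1"]  # constructed unrelated entry sharing the prefix
    for password, count in SAMPLE_CORPUS.items():
        p, suffix = split_hash(password)
        if p == prefix:
            lines.append(f"{suffix}:{count}")
    return "\r\n".join(lines)


def breach_count(password, range_body):
    """Find this password's suffix among the 'SUFFIX:COUNT' lines; 0 if absent."""
    _, suffix = split_hash(password)
    for line in range_body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix and count.isdigit():
            return int(count)
    return 0


def password_allowed(password, privileged, fetch_range=fake_range_api):
    """Apply the two-tier rule quoted above."""
    prefix, _ = split_hash(password)
    count = breach_count(password, fetch_range(prefix))
    if privileged:
        return count == 0            # any sighting at all blocks brokers/admins
    return count < COMMON_THRESHOLD  # ordinary users: only very common ones blocked


if __name__ == "__main__":
    for pw, priv in [("password1", False), ("Tr0ub4dor&3", False), ("Tr0ub4dor&3", True)]:
        print(pw, "privileged" if priv else "user", "->", password_allowed(pw, priv))
```

In a real deployment `fetch_range` would be replaced by an HTTPS request to the range endpoint, and the integrator has to decide whether a lookup failure blocks or allows the login.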


Comments
By pfox
on 08-09-2018 04:43 PM

This would be great. Okta is now doing this I believe.