Customer request: Add support for "haveIBeenPwned" to password policy checking

Idea ID 2783426

Customer request: Add support for "haveIBeenPwned" to password policy checking

Recently, Firefox added support for haveIBeenPwned (https://haveibeenpwned.com/Passwords) to their browser in order to disallow passwords that have already been pawned in the past.

Our customer BASF would like this to be part of SSPR, too, so that newly entered passwords will be rejected when found in the haveIBeenPwned database.
6 Comments
Absent Member.
Absent Member.
This would also be a welcomed addition to our security program. +1 for that request !
Absent Member.
Absent Member.
This would be a useful and practical addition to the overall security posture for any organization
Trusted Contributor.
Trusted Contributor.
This is exactly the type of capability IT Security departments are requesting and is being built into other competitors offerings. It would be a worthwhile addition to the SSPR product.
New Member.
Certainly something any solution should be providing as almost a default. Given other competitors alreay offer a breach password service
Super Contributor.
Super Contributor.
Looks like this was added as a feature in SSPR 4.5.
Micro Focus Frequent Contributor
Micro Focus Frequent Contributor
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.