Password Validation

Data Breached Passwords

Did you know that more than half a billion passwords have been leaked through various data breaches? These passwords may be sold on the Dark Web and used to break in to other websites. The National Institute of Standards and Technology (NIST) recommends that users should be protected by disallowing any passwords that are on the breached list.

When you create a new account or reset your password, we will validate the password you select against a database of known leaked passwords. (Your password is not revealed to any 3rd party during this process.) If your password exists in the breached passwords database, we will ask you to select a different password.

This validation will add an additional layer of security for you and by ensuring that the password you use is not obvious, easy to guess, or already known to hackers.

Password Good Practices

  1. Have a unique password for every site - do not re-use passwords. If you re-use a password and one of the locations has a data breach, people may use that leaked password to access your other accounts.
  2. The longer the password the better; of course balanced with the ability to remember it!
  3. Do not use your name, pet’s name, or other easily guessed passwords.
  4. A ‘phrase’ or a random string of words can be effective and easier to remember. Make sure the phrase is long and/or the words are random. For additional security add in numbers, capitals and symbols.
  5. Change your passwords regularly.
  6. Password managers can be very helpful.