Boulders: In honour of World Password Day 2017, PasswordPing Ltd. launched Password Check, a free tool that helps inform online users about unsafe password choices. The new tool is available now at: https://check.passwordping.com
The first of its kind, Password Check goes beyond traditional algorithmic strength checking by comparing entered passwords against a list of known, compromised passwords. This list consists of billions of passwords exposed in previous data breaches compiled from the public web and the dark web. Although many of these passwords meet typical algorithmic strength requirements, they should all now be considered unsafe, since they are present in cybercriminals’ cracking dictionaries and may be leveraged to compromise user accounts.
This danger of allowing users to use compromised passwords was specifically addressed in the National Institute of Standards and Technology’s (NIST) recently finalised Cybersecurity Framework draft recommendations (https://pages.nist.gov/800-63-3/sp800-63b.html#reqauthtype)
“PasswordPing is excited to be releasing Password Check on World Password Day as part of the global effort to help users better protect their online accounts,” said Mike Wilson, CEO and Co-Founder of PasswordPing. He continued, “Our company was built to protect users and organisations from the risks of account takeover and credential stuffing attacks related to poor password practices. We are proud to now be sharing access to our resources directly to consumers for free.”
PasswordPing previously made available a free Password Strength Meter, which organisations can add to existing signup and change password forms to notify and prevent users from selecting weak or compromised passwords. https://www.passwordping.com/free-password-strength-meter
About World Password Day 2017
World Password Day is meant to raise awareness of the need for good password security. To find out more go to: https://passwordday.org/
In February this year, PasswordPing Ltd. launched its password and credential breach notification service, which proactively notifies organisations if their users are using exposed credentials.
In the last 5 years, billions of credentials have been exposed. The impact of those breaches can last for years if users are not proactively changing their credentials. The average online user has an average of 90 online accounts (active and inactive). In the US, it could be even higher, as the average email address has 130 accounts associated with it. It is estimated that at least 55% of users admit that they use the same password across most, if not all, of their accounts.
Duplication of passwords across multiple sites means even if your organisation has not been breached, your users are still at risk of having their account hacked. PasswordPing has various tools to help organisations screen for exposed, compromised credentials and passwords.
Organisations can be alerted of exposed credentials and request users to update their credentials when they set up their account, reset their password or log into their account.