
Pwned Password Check

Description

In the InfoSec world, a pwned password is a password that has been exposed in data breaches (i.e. it is owned/pwned by hackers).

Using a pwned password significantly increases the chances of being the victim of a data breach. Pwned Password Check leverages Troy Hunt’s Pwned Passwords API and automatically checks whether a password that you’re using (or are thinking of using) has been pwned by hackers. If it has, you will be notified so that you can be proactive and choose something else to stay out of harm’s way. There are over half a billion passwords in the Pwned Passwords database.

Pwned Password Check explainer video

How to Set up the Pwned Password Check

In existing databases, Pwned Password Check is not turned on automatically.

1. On the Administration tab, open Data Source Settings (System Settings) – Password Validation.

2. Choose Enabled from the list.

Administration - System Settings - Password Validation


Remote Desktop Manager analyzes a password when you save an entry. A message is displayed when a password is found in the Pwned Passwords database. If you see this window, you should change your password immediately. Remember to change it both in Remote Desktop Manager and on the actual account.

Warning to change a password that was included in a data breach


The Back End

Rest assured Remote Desktop Manager does NOT send your passwords to Pwned Passwords.

Here is how it works:

Pwned Password Check uses k-Anonymity.

Remote Desktop Manager only sends the first five characters of the SHA-1 password hash to the API.

The API sends back a list of every password hash that matches those first five characters. For each hash, the API only sends back the second part (everything after the first five characters).

Remote Desktop Manager compares the hashes on the list to the password hash for the password you want to use.

If there is a match you receive a warning.
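The exchange described above, as an added example that is not Remote Desktop Manager's own code. `FakeRangeApi`, `pwned_count` and the sample passwords with their counts are constructed so the block runs offline; the `SUFFIX:COUNT` line format mirrors the public Pwned Passwords range API.

```python
import hashlib

# Constructed stand-in for the breach corpus: password -> times seen.
SAMPLE_BREACHED = {"password123": 251682, "letmein": 92417, "qwerty2020": 311}


def sha1_hex(password: str) -> str:
    """Uppercase hex SHA-1 of the password, the form the range API uses."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


class FakeRangeApi:
    """Server side of the exchange (hypothetical offline stub)."""

    def __init__(self, breached):
        self.by_hash = {sha1_hex(p): n for p, n in breached.items()}
        self.seen_requests = []  # everything the server ever learns

    def range(self, prefix: str) -> str:
        if len(prefix) != 5 or any(c not in "0123456789ABCDEF" for c in prefix):
            raise ValueError("prefix must be exactly 5 hex characters")
        self.seen_requests.append(prefix)
        # Reply with the 35-character suffixes only, one per line.
        return "\r\n".join(
            f"{h[5:]}:{n}"
            for h, n in sorted(self.by_hash.items())
            if h.startswith(prefix)
        )


def pwned_count(password: str, fetch_range) -> int:
    """Client side: breach count for the password, or 0 when not listed."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    # Only the 5-character prefix leaves the client.
    for line in fetch_range(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:  # the comparison happens locally
            return int(count) if count.isdigit() else 1
    return 0


if __name__ == "__main__":
    api = FakeRangeApi(SAMPLE_BREACHED)
    for pw in ("password123", "a-long-unbreached-passphrase-7731"):
        print(pw, "->", pwned_count(pw, api.range))
    print("server saw only:", api.seen_requests)
```
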

Choose stronger passwords

Remote Desktop Manager makes it easy to make strong passwords. The built-in Password Generator creates secure passwords, following your specifications for password length and complexity. The password generator is available on every entry beside the field where you enter a password.

Password Generator is found on most entries where you include a password


Remote Desktop Manager also has a Password Analyzer that provides feedback on all your passwords. A rating is included on the entry. It uses Zxcvbn to evaluate passwords.

You can also create a report of all your passwords by using the Password Analyzer in the Tools tab.

Tools - Password Analyzer
