PasswordState compatibility with Pwnage check?

[bcloud]

After ArsTechnica's release of this article (https://arstechnica.com/information-technology/2018/02/new-tool-safely-checks-your-passwords-against-a-half-billion-pwned-passwords/) has caused my manager to ask if PasswordState would be getting support for a security check comparable to what is available through https://haveibeenpwned.com/. 

 

This seems like it could be a pretty good idea. 

[support]

Hi bcloud,

 

Thanks very much for your suggestion, and we have had a couple of request for this in the past. Once we've finished the new remote session launcher feature, we'll take a look to see what's involved.

Thanks again for the suggestion.

 

Regards

Click Studios

[Robert Brock]

Hi support,

 

It's quite simple. I hacked it into an open source Active Directory password filter I work on from time to time over a case of beer last night.

 

If you are also using C#, you may find my implementation a useful starting point, or more likely - an example of exactly how not to do it.

 

It's a little rough because I'm a secadmin with a coding habit, and well, the beer, but you are welcome to it: 

 

https://github.com/brockrob/OpenPasswordFilter/blob/master/OPFService/PwnedPasswordsAPI.cs

 

Regards,

Rob

[support]

Hey Rob,

 

Thanks very much for the info, and we'll take a look once we get the time to look at this

 

Regards

Click Studios

[support]

Hey Everyone,

 

We should have reported back here some time ago, but we now do have integration with have I been Pwned.  You'll find this option under the Bad Passwords section of the Admin area.  Hopefully you have already heard about this and sorry for not reporting back to this thread when we first introduced this feature.

 

Support.