Improved Security with Pwned Passwords

Published on April 12th, 2018

Back in February Pwned Passwords launched an API service for their database of compromised passwords. At Nimbus Hosting, as security is so important, we decided to integrate this into STORM. Each time a password is set, ie when someone new registers to use STORM or changes their password in their profile we automatically check it against the Pwned Password database. Before checking the password with Pwned Password API it’s hashed so your password is never revealed to anyone. On top of this when we save your password into our database we encrypt it so it’s never saved in plain text.

Pwned Password database has a list of over 500 million compromised passwords that have been gathered from a number of worldwide high profile compromises. On their web site they have a number of additional features. You can find out which website leaked your password, search their database for your email address to see if you’ve been caught up in any other data or sign up to their notification service.

Integrating this feature into STORM has pushed our security onto the next level to keep your web site and server secure.

Newsletter Signup

Signup to the STORM News for regular updates