CompromisedPasswordFiltering

From UMIACS
Revision as of 00:25, 9 March 2019 by Liam (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

UMIACS passwords, in accordance with best practices recommended by NIST, will not allow passwords to be used that have been included in a known data breach. UMIACS systems will check that a new password you wish to set is not among hundreds of millions of compromised passwords.

We use the Have I Been Pwned (HIBP) corpus of passwords as the data source of passwords that are checked against.