Back in February Pwned Passwords launched an API service for their database of compromised passwords. At Nimbus Hosting, as security is so important, we decided to integrate this into STORM. Each time a password is set, ie when someone new registers to use STORM or changes their password in their profile we automatically check it against the Pwned Password database. Before checking the password with Pwned Password API it’s hashed so your password is never revealed to anyone. On top of this when we save your password into our database we encrypt it so it's never saved in plain text.
Pwned Password database has a list of over 500 million compromised passwords that have been gathered from a number of worldwide high profile compromises. On their web site they have a number of additional features. You can find out which website leaked your password, search their database for your email address to see if you’ve been caught up in any other data or sign up to their notification service.
Integrating this feature into STORM has pushed our security onto the next level to keep your web site and server secure.