Breached Password Detection

Prevent users from using compromised credentials to sign up or log in.

START FREE TRIAL
Features
We find compromised passwords

We find compromised passwords

FusionAuth checks user login credentials against a set of leaked databases that we've collected from all over the Internet, even the hard to reach places.

Protect your users and applications

Protect your users and applications

You can enable Breached Password Detection during account creation, password resets, password changes and login. You can then force the user to change their password or notify them of the breach via email.

Simple integration

Simple integration

Receive a webhook event for every breached password found. This allows you to trigger external actions when a compromised password is found. You might want to lock an account, gather information for further analysis or notify an internal team.

Learning center

Featured White Paper

Attackers have an infinite number of ways into your systems. In a perfect world, organizations could mitigate the risk of unauthorized access if users practiced proper password etiquette. Unfortunately, geting users to adopt good password hygiene across the board is a losing battle.

GET THE WHITE PAPER

Featured Video

Detecting if your users have passwords which have been compromised is a key part of securing your systems. It has the added benefit of doing so with little to no user experience impact.

WATCH NOW
Pricing for Editions

Screenshots

Detect Breaches

See the total number of checked passwords, detected breaches and accounts with action required.

Manage users

Easily find and manage users with compromised credentials.

Update passwords

Users can be required to change their breached password when signing in.

External resources

NIST Digital Identity Guidelines: Authentication and Lifecycle Management (PDF)

"[If the system] disallows a chosen memorized secret based on its appearance on a blacklist of compromised values, the subscriber SHALL be required to choose a different memorized secret."

READ NOW

Academic Research: (How) Do People Change Their Passwords After a Breach? (PDF)

"...new passwords were overall more similar to participants' other passwords, and participants rarely changed passwords on other sites even when these were the same or similar to their password on the breached domain."

READ NOW
Hosting

FusionAuth is Complete Auth for Any App

FusionAuth is a complete solution with no sacrifices.
We got this. Go build something awesome.

GET STARTED FOR FREE
Callout