The Back End

Rest assured that RDM does NOT send your passwords in plain text to Hunt’s database system. Here is how the back end workflow looks:

The Pwned Passwords Check uses k-Anonymity: RDM only sends the first 5 characters of the password's SHA-1 hash to the API.

RDM receives a list of every entry in the Pwned Passwords repository whose hash begins with those same first 5 characters.

RDM compares the entries on that list to the password you want to use, and if there is a match you receive a warning.
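To make the three steps concrete, here is an added example (not RDM's own code) of a k-Anonymity range check in Python: it hashes the password, sends only the 5-character prefix, and compares the remaining 35 characters locally against the returned list. The network call is replaced by a constructed, canned response (`canned_fetch`, `SAMPLE_RANGE_RESPONSE`) so it runs offline; the counts in that sample are made up.

```python
import hashlib

# Constructed stand-in for what the Pwned Passwords range endpoint returns for
# prefix "5BAA6": one "SUFFIX:COUNT" line per leaked hash sharing that prefix.
# The counts are invented; the second suffix is the real SHA-1 tail of "password".
SAMPLE_RANGE_RESPONSE = """\
003D68EB55068C33ACE09247EE4C639306B:3
1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493
011053FD0102E94D6AE2F8B83D76FAF94F6:1
"""


def split_hash(password: str):
    """Return (prefix, suffix) of the uppercase hex SHA-1 of the password.
    Only the 5-character prefix ever leaves the client."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_response(body: str):
    """Parse 'SUFFIX:COUNT' lines into a dict {suffix: count}."""
    result = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        result[suffix.upper()] = int(count)
    return result


def pwned_count(password: str, fetch_range) -> int:
    """Return how many times the password appears in the breach corpus (0 if never).
    fetch_range(prefix) -> response text for that prefix; injected so the check
    can run against the canned sample here or a real HTTP client elsewhere."""
    prefix, suffix = split_hash(password)
    candidates = parse_range_response(fetch_range(prefix))
    # The comparison happens locally: the service never sees the full hash.
    return candidates.get(suffix, 0)


def canned_fetch(prefix: str) -> str:
    # Offline stand-in for the network call; serves the sample only for "5BAA6".
    return SAMPLE_RANGE_RESPONSE if prefix == "5BAA6" else ""


if __name__ == "__main__":
    for pw in ("password", "correct horse battery staple"):
        n = pwned_count(pw, canned_fetch)
        print(f"{pw!r}: {'seen %d times' % n if n else 'not found'}")
```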

Help Generating Strong Passwords

Also, remember that RDM has a built-in Strong Password Generator and a Password Analyzer to help you choose more secure passwords and improve your security best practices. The Pwned Passwords Check adds an extra layer of security to your enterprise — and more peace of mind.

Tell Us What You Think

My views on the Pwned Passwords Check aren’t a secret: I love it! But what you guys think is more important, because we add new features for you — not for us (although we get the same benefits as you do).

So please share your comments below. Tell us what you like, what you don’t, and what you want us to change, improve, fix, overhaul, eliminate… there’s no limit. We’re always listening to you, and striving to find new ways to keep your accounts and data from being pwned!

As always, please let us know your thoughts by using the comment feature of the blog. You can also visit our forums to get help and submit feature requests; you can find them here.