-
PassFilter
PassFilter is a dll that can be loaded into LSASS to filter passwords which are included in an offline HIBP file.
-
hibppwdflt
A Windows LSA Password Filter DLL to exclude leaked passwords from the "Have I Been Pwned" database (offline)
-
ISO-27001-2013-information-technology-security
:closed_lock_with_key: Probably the most boring-but-necessary repo on GitHub. If you care about the security/privacy of your data...! :white_check_mark:
Here's a good and free tip: a unique breached password can be turned around to better know your enemy. Set up a canary honeypot and monitor your environment for it:
See https://github.com/thinkst/opencanary
When my company set up the Active Directory, for example, we put an LSA password filter[0] in place that checks against HIBP. The password policy was set to expire every 90 days, at least 15 characters and don't enforce a history. The non-existent history was clearly communicated and users are encouraged to just enter their existing password three times when it expires. That way there is only one place where the passwords are checked for leaks and they are already there in plain, so it is manageable and doesn't add that much attack surface.
[0]: Something like https://github.com/fblz/PassFilter or https://github.com/rlabolle/hibppwdflt
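The check the comment above describes (the filter receives the plaintext at change time, hashes it and looks it up in an offline HIBP download) can be illustrated outside of LSASS. The following is an added example, not the code of PassFilter or hibppwdflt: it loads a constructed sample in the HIBP "SHA1HASH:COUNT" file format, binary-searches it, and wraps the lookup in an accept/reject function with the same shape as an LSA password filter's decision, including the 15-character minimum from the comment. The sample hashes and counts are constructed; the function names are this example's own.

```python
"""Offline HIBP-style password check, mirroring what an LSA password filter
does with the plaintext it receives. Added example; not the code of the
PassFilter or hibppwdflt projects."""
import bisect
import hashlib
import io

MIN_LENGTH = 15  # the minimum length from the policy described in the comment


def sha1_hex(password: str) -> str:
    """HIBP lists are keyed by the upper-case hex SHA-1 of the UTF-8 password."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def load_hibp_file(fp) -> list:
    """Read a 'HASH:COUNT' file into a sorted list of hashes.

    The real HIBP download ordered by hash is already sorted, so a production
    filter would mmap the file and binary-search by byte offset rather than
    load hundreds of millions of entries into memory; the in-memory list keeps
    this example short. The count column is ignored: one hit is a reject."""
    hashes = []
    for line in fp:
        line = line.strip()
        if not line:
            continue
        digest, _, _count = line.partition(":")
        hashes.append(digest.upper())
    hashes.sort()
    return hashes


def is_leaked(password: str, sorted_hashes: list) -> bool:
    """Binary search for the candidate's SHA-1; O(log n) per lookup."""
    digest = sha1_hex(password)
    i = bisect.bisect_left(sorted_hashes, digest)
    return i < len(sorted_hashes) and sorted_hashes[i] == digest


def password_filter(password: str, sorted_hashes: list,
                    min_length: int = MIN_LENGTH) -> bool:
    """Accept/reject decision shaped like an LSA PasswordFilter callback:
    True allows the change, False rejects it.

    The length rule runs first so the hash lookup only happens for
    passwords that would otherwise be accepted. Nothing here logs or
    stores the plaintext; the filter only ever holds it transiently."""
    if len(password) < min_length:
        return False
    return not is_leaked(password, sorted_hashes)


# Constructed sample data: three leaked-looking passwords with made-up counts,
# rendered in the HIBP file format and loaded as if read from disk.
_SAMPLE_LEAKED = {"password": 3861493, "Password1": 2310, "correct horse battery": 17}
SAMPLE_FILE = "\n".join(f"{sha1_hex(p)}:{n}" for p, n in _SAMPLE_LEAKED.items()) + "\n"
SAMPLE_HASHES = load_hibp_file(io.StringIO(SAMPLE_FILE))


if __name__ == "__main__":
    for candidate in ("short", "correct horse battery", "a-long-unique-passphrase-42"):
        verdict = "accepted" if password_filter(candidate, SAMPLE_HASHES) else "rejected"
        print(f"{candidate!r}: {verdict}")
```

The point of doing the lookup inside the filter rather than in a separate service is exactly the one the comment makes: the plaintext already exists at that one place, so no second system has to receive it. Keep the offline file on local disk with restrictive ACLs and refresh it on a schedule; an out-of-date list silently stops rejecting newer leaks.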
Nope: https://github.com/dwyl/ISO-27001-2013-information-technolog...