Overview#
Password Dictionary is a list or service that provides passwords that are either considered too Simple or compromised.Password Dictionary is a of dictionary words, leaked password databases and books.
Password Dictionary are often used by Attackers performing Brute-Force attacks.
Password Dictionary are also used during Password Change and Password Reset operations to determine if the Password listed.
A common Password Dictionary is OWASP's SecLists
compromised Credentials Letter#
We are writing to let you know that we have reset your password because we have detected login credentials that match yours in a publicly accessible database related to a compromise of a third party website. Currently, the "mega lists" of compromised Credentials from third-party websites have over 3.8 billion entries and include leaks from websites including LinkedIn, Elance, Dropbox and Adobe. As a precautionary security measure, we have reset your ?????? password, and require you to create a new oneHave I been pwned?[1]#
I'm Troy Hunt, a Microsoft Regional Director and Most Valuable Professional awardee for Developer Security, blogger at troyhunt.com, international speaker on web security and the author of many top-rating security courses for web developers on Pluralsight.I created Have I been pwned? as a free resource for anyone to quickly assess if they may have been put at risk due to an online account of theirs having been compromised or "pwned" in a data breach. I wanted to keep it dead simple to use and entirely free so that it could be of maximum benefit to the community.
Short of the odd donation, all costs for building, running and keeping the service currently come directly out of my own pocket. Fortunately, today's modern cloud services like Microsoft Azure make it possible to do this without breaking the bank!
More Information#
There might be more information for this subject on one of the following:- Draft-behera-ldap-password-policy
- NIST.SP.800-63B
- Password Authentication is Broken
- Password Guessing Attacks
- Password Quality
- Password Validator
- Verizon Data Breach Investigations Report
- [#1] - Have I been pwned? - based on information obtained 2017-07-27-
