Compromised Password Validation

Intermedia has introduced a new security improvement: new passwords for users will be validated to prevent from using previously compromised passwords. The validation is performed using https://haveibeenpwned.com/ database.

Users may see a warning in the following cases:

  • Recovery of forgotten password
  • Updating the password after expiration
  • Setting up a user password after it has been reset by the administrator
  • Creating a new user in HostPilot

In the above cases if a user tries to use a password that has bee found in the compromised passwords database, the following warning will be shown:

login

usercreation

Note: The warning is just a notification. It will not prevent a user from using this password. However, we strongly advise against using the compromised password.

Account Contacts will also see this warning if they try to use a compromised password for mailbox in HostPilot:

CP