Have I Been Pwned?

MIDAS integration with Have I Been Pwned Have I been Pwned integration for MIDAS

Ensure you're using safe passwords for your MIDAS login

Have I Been Pwned? is an online service which allows you to check if your details - including your password - have appeared in any known data breaches.
Disallow Known Breached Passwords with Have I Been Pwned

HOW IT WORKS

Disallow Known Breached Passwords

With this setting enabled, whenever a user changes their MIDAS password, the software checks that the password doesn't appear in any known online data breaches.

Privacy First

Your password is never sent to the "Have I Been Pwned" service.

What Happens Behind The Scenes?

  1. The user enters a desired new password in MIDAS.
  2. MIDAS creates a cryptographic "hash" of the password and sends the first five characters of this hash to the Have I Been Pwned service.
  3. If hashes with the same first five characters are found in the Pwned Passwords repository, the Have I Been Pwned service responds with all these hashes.
  4. MIDAS checks the received hashes to see if there's a complete match with the full hash of the proposed new password.
  5. If a match is found, then the desired new password has appeared in at least one public data breach.
  6. MIDAS will then display an alert and ask the user to enter a different password.

MORE INFORMATION

From our Blog: Improved Password Hardening

AVAILABILITY

Have I Been Pwned? integration is included as standard with both cloud hosted and self hosted editions of MIDAS room booking software.


← Back to Integrations