Skip to main content

All Questions

Tagged with
41 votes
3 answers
19k views

Is it safe to check password against the HIBP Pwned Passwords API during account registration?

User registers account on a web app. Passwords are salted and hashed. But is it safe to check the password against the HIBP Pwned Passwords API, before salting and hashing it? Of course the app uses ...
Bitenieks's user avatar
  • 533