Using Haveibeenpwned (HIBP) in a Corporate Setting?
Hello there, thank you for reading this,
i work in a small to median sized IT support business.
i'm the cyber sec junior, and i have been wondering about if i can implement HIBP in a corporate setting.
i currently use it to educate staff members on how passwords are breached, and why emails need to be secure, and i know i can use it to scan a domain and find emails linked to breaches and that i can use it as a blacklist for passwords.
is there anything else i should think about or look into?
thank you.
4 comments
[ 13.7 ms ] story [ 69.8 ms ] threadYou can also subscribe your domain to get email alerts when one of your email addresses pops up in a new breach.
i did see that, and i am tempted to test it on some of our clients to see what the feedback is. i know when i run a few of their emails through they do pop up in some of the breaches.
kind regards
https://haveibeenpwned.com/Passwords
we do enforce password policies that match best practice, just wondering if there is more i could do.