Quickly and easily check if a specific username/password combination is known to be compromised
The Credentials API allows you to securely look up whether a given username/password combination exists in our database of compromised account credentials. A typical use is a website's login form: as users log in, you can check their credentials against this API to ensure that they have not been compromised. If a user's credentials have been exposed, you can force them to reset their password or take other corrective action. In this way, you can prevent cybercriminals from logging in using stolen credentials.
The Credentials API offers two options for checks, the Hashed Credentials API and the Cleartext Credentials API:
- Hashed Credentials API: This API employs a multi-step sequence where you hash your user's credentials locally and compare them against the results from the Enzoic database. It is highly recommended to use one of the pre-built Enzoic Libraries and not attempt to utilize this API directly.