Prevent account takeover and credential stuffing

Don’t allow unauthorized access using known compromised credentials

We collect the stolen credentials that have been publicly posted and check them to see if the stolen email and password combination matches the same email and password being used on Facebook.
Chris Long, Facebook Security Engineer
Protect The Graph, Oct 2014

ATO is a growing problem

Account takeover (ATO) and credential stuffing attacks are rapidly increasing because customer accounts can easily be hijacked using credentials breached on other sites.

Fraud is expensive

Multiple studies show total fraud incident costs are twice the cost of the fraud itself. And regardless of the size, consumers blame the brand, lose confidence, and often take their business elsewhere.

Proactive prevention for ATO

PasswordPing checks every login to identify and block access using known compromised credentials, an approach previously prohibitive to all but the largest organizations.

Cybercriminals rely on the fact that most people reuse the same login credentials on multiple sites. Block them from using stolen credentials for account takeover attacks and credential stuffing.

PasswordPing Credentials API

Flow for PasswordPing for Active Directory
How it works

1. At the login page, a visitor enters a username and password.

2. If the credentials are valid, a new process calls the PasswordPing API to determine if the credentials have been compromised.

3. If the credentials have been compromised, the user is informed and prompted to reset their password, eliminating the reuse of compromised credentials on your site or web app.

* Optional: During the password reset, an additional check of PasswordPing can make sure the user selects a password that has never been compromised.
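
The login and reset flow from the steps above, as an added sketch; it is not PasswordPing's code or API. The two lookup functions and the in-memory breach sets are hypothetical stand-ins, built from constructed sample data, for the remote service call.

```python
import hashlib
import hmac
import os

def _digest(text):
    return hashlib.sha256(text.encode()).hexdigest()

# Constructed sample data standing in for the remote breach database.
BREACHED_PAIRS = {_digest("alice@example.com:Summer2014!")}
BREACHED_PASSWORDS = {_digest("Summer2014!"), _digest("password1")}

def pair_is_compromised(username, password):
    """Hypothetical stand-in for the credentials check made in step 2."""
    return _digest(f"{username.lower()}:{password}") in BREACHED_PAIRS

def password_is_compromised(password):
    """Hypothetical stand-in for the optional check during password reset."""
    return _digest(password) in BREACHED_PASSWORDS

USERS = {}  # username -> {"salt", "hash", "must_reset"}

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def set_password(username, password):
    salt = os.urandom(16)
    USERS[username.lower()] = {"salt": salt, "hash": _hash(password, salt),
                               "must_reset": False}

def login(username, password):
    user = USERS.get(username.lower())
    # Steps 1-2: verify locally first, so only valid credentials reach the breach check.
    if user is None or not hmac.compare_digest(user["hash"], _hash(password, user["salt"])):
        return "denied"
    # Step 3: a valid but breached pair must be reset before access is granted.
    if pair_is_compromised(username, password):
        user["must_reset"] = True
        return "reset_required"
    return "ok"

def reset_password(username, new_password):
    # Optional step: refuse a replacement that is itself known to be compromised.
    if password_is_compromised(new_password):
        return "rejected"
    set_password(username, new_password)
    return "changed"
```

The pair check is keyed on the username and password together, so a second user who happens to share a breached password is caught only by the optional password-only check at reset time.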

PasswordPing closes the obvious and unacceptable risk of allowing known compromised credentials to be used on your site. Our solution is the simplest and most cost-effective way to harden the password layer in your overall security architecture.

The most common targets for ATO and account hijacking are sites that hold access to value within the individual account (e.g. ability to transfer funds, obtain products / services, access to redeem loyalty points, or personal information that can be resold on the black market).

Maintaining our compromised credential database is fundamental to our business model. Our database contains multiple billions of carefully indexed records and is continuously updated through automation and by our threat analyst team.

We are hosted on Amazon Web Services and architected for low latency response times to meet the needs of the highest traffic global Internet sites. Typical response time to our API is around 200ms.

Security is essential to everything we do. Among other security measures, all credentials in our database are encrypted and only stored in a salted and strongly hashed format where we have absolutely no way of recovering username and password combinations. No data submitted to our service is logged and everything in memory is zeroed out at the end of the call. Please see our security overview or contact us for more details.

For organizations unable to use our cloud-based service, we offer the option of an on-premises deployment of our service.

Our pricing is tailored based on the services required and cloud versus on-premises deployment. There are volume discounts that scale based on the total number of calls to our API, along with accounts and domains monitored. Please request a custom price quote today.

Simple RESTful APIs and SDKs make it easy to add PasswordPing to your site with minimal impact or effort. The typical use case involves wiring calls to our API from your login and change password forms. Please see our API docs for details.

Yes, please request a free trial today.

API Services
At its core, PasswordPing is a massive cloud database of exposed credential data with web-based API services that help you protect your organization from compromised credentials.

Enterprise Security

Built for the most security-conscious organization.