Frequently Asked Questions

Get answers to commonly asked questions

At its core, PasswordPing is a massive cloud database of exposed credential data with web-based API services that help you protect your organization from compromised credentials. We help our clients to block attacks that use compromised credentials and offer breach notification to alert them of credentials that have been compromised.
Nearly two thirds of data breaches involve weak or stolen login credentials, with substantial damage to reputation and financial loss. PasswordPing hardens the password layer to keep you secure.

Strong password requirements may actually be part of the problem. The difficulty creating and remembering complicated passwords increases the temptation to reuse the same password. Read more about strong passwords.

Not so much. Having more security layers is definitely better, but neglecting to protect passwords just weakens an essential layer. If your organization is investing in multi-factor (and the added effort that imposes on your users), allowing them to use known compromised credentials just doesn’t make sense.

The data is sourced from the public Internet and Dark Web and therein lies the problem: a cybercriminal can get this data and use it to threaten your organization. To maintain our database we use the combination of proprietary automated processes, submitted contributions and diligence of our threat intelligence team.
The PasswordPing compromised credential database contains multiple billions of carefully indexed records and is consistently being updated. All that said, you should be somewhat wary of firms quoting record counts because the same credentials tend to be found repeatedly across multiple sources.

When we report a credential exposure, we share extensive details about what we found, including: the site where it was found, the total number of credentials in the exposure, what types of data we found (physical address, phone, etc), the format of passwords (clear text, MD5) and more. Read more in our Developer Docs.

No. Although some of the raw breach data we run across certainly includes this type of information, we store absolutely no financial or personal information.

PasswordPing is designed to exceed the most stringent requirements of enterprise security professionals. We offer both SaaS and On-Premises deployments of our solution. The credentials in our database are encrypted and only stored in a salted and strongly hashed format where we have absolutely no way of recovering the original data. And we never store submitted data; it is kept in memory on our servers only long enough to perform the database lookup and then the memory is zeroed out at the end of the call. Read more in our Security Overview

Yes. Our cloud architecture is hosted by Amazon Web Services, the same environment used by some of the largest service providers. Typical response time for our API is sub 200ms. We also offer the option of an on-premises deployment. Please contact us to review your high-performance and availability requirement.
Our pricing is tailored based on the services required and deployment type. There are volume discounts that scale based on the total number of calls to our API, along with accounts and domains monitored. Please contact us for a price quote today or call us at 1-720-593-1525.
You can review our API documentation here. Feel free to contact us with any questions. We appreciate feedback requests.