In February 2018 Troy Hunt launched the Pwned Passwords v2 service which can be used, via an API, to check for any compromised passwords. Pwned Passwords is a database of over half a billion real world passwords that have been exposed in data breaches.

As of April 2018, Nimbus Hosting, decided to incorporate the API into STORM. Each time a user registers or changes their password in STORM we automatically check the password against their database. If it comes back as compromised we ask for an alternative password.

We believe this is another method in improving security for all users and the web sites hosted by STORM.