HIBP Archives - darrenjrobinson - Bespoke Identity and Access Management Solutions

February 22, 2018August 20, 2020

Identifying Active Directory Users with Pwned Passwords using Microsoft/Forefront Identity Manager v2, k-Anonymity and Have I Been Pwned

Microsoft Identity Manager - Have I Been Pwned

<img width="640" height="121" src="https://i0.wp.com/blog.darrenjrobinson.com/wp-content/uploads/2018/02/HIBP-640px.png?resize=640%2C121&ssl=1" class="attachment-twentyseventeen-featured-image size-twentyseventeen-featured-image wp-post-image" alt="Microsoft Identity Manager - Have I Been Pwned" decoding="async" srcset="https://i0.wp.com/blog.darrenjrobinson.com/wp-content/uploads/2018/02/HIBP-640px.png?w=640&ssl=1 640w, https://i0.wp.com/blog.darrenjrobinson.com/wp-content/uploads/2018/02/HIBP-640px.png?resize=300%2C57&ssl=1 300w" sizes="(max-width: 767px) 89vw, (max-width: 1000px) 54vw, (max-width: 1071px) 543px, 580px" />

Background

In August 2017 Troy Hunt released a sizeable list of Pwned Passwords. 320 Million in fact.

I subsequently wrote this post on Identifying Active Directory Users with Pwned Passwords using Microsoft/Forefront Identity Manager which called the API and sets a boolean attribute in the MIM Service that could be used with business logic to force users with accounts that have compromised passwords to change their password on next logon.… keep reading