README

Generic php service built to query Troy Hunt's https://pwnedpasswords.com API service and let you know how "broken" is your password, without actually sending your password.

More info about this on Troy's first blog post (about Pwned Passwords v1), the follow up post (about v2, the version used by this library) and finally the post on Cloudflare blog (in which k-anonymity is explained in depth).

Installation

Via composer: composer require esolitos/pwnedpasswords

Usage

The usage is very simple, just create the object and call

$mySafePassword = 'p@ssword';

$validator = Esolitos\PwnedPasswords\PwnageValidator();
$pwnedCount = $validator->getPasswordPwnage($mySafePassword);

print_r($pwnedCount)

> 47205

Bonus points: Drupal module

This library was initially built for the drupal module: Pwned Passwords