Make sure that your passwords

Don’t let a third-party data breach jeopardize the security of your business

  • This field is for validation purposes and should be left unchanged.

INTRODUCTION

What is EyeOnPass and how will it benefit my business?

EyeOnPass is an ever-evolving database containing, at the time of writing, over 1 billion breached unique passwords. But this number is constantly growing.

Learn More
PASSWORD
CHANGE
SIGN UP
LOGIN

YOUR COMPANY NEEDS TO BE PROTECTED

The size and complexity
of data breaches

No matter how strong a password may be, once it’s been involved in a breach, it is considered burned, and is dangerous to re-use.

breached passwords
Protect your business

GROWING DANGER

The threat to your

E-commerce sites, web and mobile apps are extremely vulnerable to these kinds of attacks. Set to be worth a staggering $2.4trillion by 2019, the global e-commerce market is just too tempting a prize for the fraudsters, and the cost of this fraud is enormous.

Protect your business
2013 $121
2017 $172
The average cost per record in a data breach is $172*, up 29% since 2013.

https://smallbiztrends.com/2017/02/cost-of-a-data-breach.html

NIST SP 800-63-3 [SECTION 5.1.1.2]

When processing requests to establish and change memorized secrets, verifiers SHALL compare the prospective secrets against a list that contains values known to be commonly-used, expected, or compromised. For example, the list MAY include, but is not limited to:

Passwords obtained from previous breach corpuses.
Dictionary words.
Repetitive or sequential characters (e.g. ‘aaaaaa’, ‘1234abcd’).

Context-specific words, such as the name of the service, the username, and derivatives thereof. If the chosen secret is found in the list, the CSP or verifier SHALL advise the subscriber that they need to select a different secret, SHALL provide the reason for rejection, and SHALL require the subscriber to choose a different value.

Protect your website from fraudsters

Hackers are constantly trying to access customer accounts using stolen passwords, and with attacks like these on the rise, your site could very well be their next target.

If your website falls victim to fraud, it could seriously harm your business. Not only are you likely to lose revenue, but an attack like this is going to have a dramatic effect on the reputation of your brand, and could well result in potential clients taking their custom elsewhere.

Don’t take that risk. With EyeOnPass you can ensure breached passwords never present malicious hackers with the opportunity to abuse your customer’s accounts, and your site will remain a trusted and secure place for your users.

Keep costs down

Dealing with the aftermath of a data breach is not only complicated and time-consuming, but it can also be expensive too. Hiring IT staff to monitor and, in the result of a data breach, re-establish the security of your site can swallow up a significant amount of your operational costs.

EyeOnPass slashes these costs. This advanced API uses state of the art security techniques to stop users from entering breached credentials into your website. Without this dangerous account information present on your website, malicious hackers will have to look elsewhere.

Dedicated to preventing breached passwords from being used on your site, EyeOnPass WILL save you money.

Leaked credentials affecting Global Fortune 500 companies in 2017

$M

Average loss to companies in a data breach

$

Average cost per record in a data breach

Protect your business

THERE IS A SOLUTION

EyeOnPass easy-to-use API

PHP
$res = eop_check($api_key, "password");
if ($res < 0) {
	switch ($res) {
		case EOP_API_ERROR:
			echo "API error";
			break;
		case EOP_AUTH_ERROR:
			echo "Authentication error";
			break;
		case EOP_NETWORK_ERROR:
			echo "Network error";
			break;
		case EOP_UNKNOWN_ERROR:
			echo "Unknown error";
			break;
	}
} else if ($res > 0) {
	echo "The password has been compromised";
} else {
	echo "The password is OK";
}									    
Go
e, err :=  eop.New("./eopplugin.so", "your api key")
if err != nil {
	 log.Fatal(err)
}

fmt.Println(e.Hash("Pa$$w0rd"))
risk, err :=  e.Check("Pa$$w0rd")
if err != nil {
	log.Fatal(err)
}
if risk > 0 {
	 fmt.Println("The password has been compromised")
} 
else {
	 fmt.Println("The password is OK")
}									    
Ruby
require_relative "eop"

eop = EOP.new("your api key", "libeop.so")

if result < 0
   case result
        when EOP_API_ERROR
             puts "API error"
        when EOP_AUTH_ERROR
             puts "Authentication error"
        when EOP_NETWORK_ERROR
             puts "Network error"
        else
             puts "Unknown error"
        end
   elsif result > 0
       puts "The password has been compromised"
   else
       puts "The password is OK"
   end
end									    
Python
import eop

e = eop.EOP("your api key", "libeop.so")
try:
    result = e.check("Pa$$w0rd")
    if result < 0:
        if result == eop.API_ERROR:
            print("API error")
         elif result == eop.AUTH_ERROR:
            print("Authentication error")
         elif result == eop.NETWORK_ERROR:
            print("Network error")
         else:
            print("Unknown error")
    elif result > 0:
        print("The password has been compromised")
     elif:
        print("The password is OK")									    
C\C++
#include 
#include "libeop.h"

int main(void)
{
    int timeout = 0;  //When timeout is 0, use the default 30 second timeout
    int retries = 0;
    int result = EOPCheck("your api key", "Pa$$w0rd", timeout, retries);
    if (result < 0) {
        switch (result) {
        case EOPAPIError:
            puts("API Error");
            break;
        case EOPAuthError:
            puts("Authentication error");
            break;
        case EOPNetworkError:
            puts("Network error");
            break;
        default:
            puts("Unknown error");
            break;
        }
    } else if (result == 0) {
        puts("The password is OK");
    } else {
        puts("The password has been compromised");
    }
}									    
Javascript
try {
    result =  eop.checkSync( 'Pa$$w0rd' );
    if( result > 0 ){
         console.log( "The password is OK" )
    } 
    else {
         console.log( "The password has been compromised" )
    }
} 
catch( ex ) {
     console.error( ex.code, ex.message );
}									    
Java
EOP eop = new EOP("your api key", "./libjnieop.so");

 try {
         int risk = eop.check("Pa$$w0rd");
            if (risk > 0) {
                System.out.println("The password has been compromised");
            } 
            else {
                System.out.println("The password is OK");
            }
        } 
        catch (EOPAuthException e) {
            System.out.println("Error authenticating. Wrong API key?");
        } 
        catch (EOPAPIException e) {
            System.out.println("API error");
        } 
        catch (EOPNetworkException e) {
            System.out.println("Network error");
        } 
        catch (EOPUnknownException e) {
            System.out.println("Unknown error");
        }
}									    

AS SEEN ON: