Knowledge Base

Specops Breached Password Protection (formerly Blacklist) is used to prevent breached passwords from being used in your environment. Connectivity to the following URLs or IP addresses is required (note that firewall SSL inspection is not supported – SSL inspection exceptions to the following URLs or IP addresses will also need to be configured).

Please see the tables below for URLs or IPs that you will need to allow connectivity to for Breached Password Protection to work correctly.

Breached Password Protection Express

Breached Password Protection Express (on-premise subset of Breached Password Protection Complete used to block breached passwords in real time at the computer password change prompt). Access is required from systems running Password Policy Domain Administration when downloading the Express list.

Breached Password Protection Complete

Breached Password Protection Complete uses the Specops Arbiter gateway component to connect to the Breached Password Protection cloud API and check passwords against the complete list of breached passwords). The following hosts must be accessible from your Arbiter server(s):

*For Version of Specops Password Policy 7.4 and earlier only
**IP addresses are dynamic based on CDN provider. You can use https://cachecheck.opendns.com to view many of the IP addresses.