LogoLogo
  • Overview
    • About
    • Integrations
      • Perkville API
      • Partners
      • Integrating Perkville
        • API requirements
        • Automating your program using Perkville's API
        • Integrating Your Mobile App with Perkville
          • Page to initiate the PKCE flow.
          • Joining the loyalty program
          • Referral page
            • Referred prospects
          • Point history page
          • Earning rules page
          • Rewards page
            • Redeem confirmation page
          • Vouchers page
            • Mark voucher used confirmation page
          • Challenges page
            • Challenge details page
      • Integration Reference
        • ABC Ignite
          • ABC Ignite Engagement app
            • Home screen
            • Intro page
            • Authorize ABC Fitness page
            • Points page
            • Earning page
            • Rewards page
              • Redeem reward
              • Reward voucher
            • Referral page
        • Mariana Tek
        • Shopify
    • Security
  • Features
    • Loyalty program rules
      • Earning rules
        • Join
        • Birthday
        • Custom
        • Referral
          • Referral offer
          • Completing a referral
          • Referral flow
            • 1. Share referral offer
            • 2.Receive referral offer
            • 3. View offer details
            • 4. Claim offer
            • 5. Receive voucher
            • 6. Earn points for completed referral
        • Twitter (X)
        • Activities
      • Redeeming rules
        • Custom rewards
        • External rewards
    • Promotions
      • Frequency bonus
        • For customers: How a monthly/weekly bonus works
      • Time bonus
      • Promotion bonus
    • Challenges
      • Creating a challenge
    • Emails
      • Invitations
      • Point earning notification
      • Weekly summary
      • Redemption
      • Challenge emails
        • Challenge invitation
        • Challenge progress notification
    • Managing customers
      • Referrals
      • Customer profile
        • Managing customer emails
        • Program Status
        • Ad-hoc points, redemptions, and adjustments
        • Transfer account data
        • Voiding transactions
        • Perkville email subscription status
        • Reversing a user's Perkville account closure
      • Bulk point updates
        • Add / Redeem page
        • CSV upload
      • Inviting customers
      • Export customer list
    • Settings
      • Advanced
        • Agreements
        • Allowed registration URLs
        • Business dashboard message section
        • Integration platform
        • Join restriction
        • Membership settings
        • Prohibit staff from earning or redeeming points
        • Referral offer claim options
      • Advertising
      • Business info
      • Branding
        • Branding step 1: logo and colors
        • Branding step 2: web pages and emails
        • Setting up a custom branded domain
        • Setting up custom branded emails
      • Challenges
        • Global Challenge Settings
        • Challenge Settings
        • Challenge Progress Activities
        • Challenge Rewards
        • Challenge Invitations
      • Locations
      • Prohibit Customers
      • Staff members
    • Vouchers
    • Reports
      • Redemption Details Report
      • Points By Location
      • Redemption Overview
      • Referral Details
      • Referral Overview
      • Registration Rate Overview
      • Customer list export with points
      • Challenge Overview
    • Agency
      • Ad terms
      • Suppressions
      • Advertisers
      • Images
      • Creatives
      • Campaigns
      • Obtaining business approval
  • FAQs
    • End customer FAQs
      • I'm unable to join a business' loyalty program. What should I do?
    • Miscellaneous
      • Protecting against password reuse
      • Is it possible to pre-populate the email address field on the page for joining the reward program?
      • I need to change the support email that displays in the footer. How can I do that?
      • I would like to reactivate my business' Perkville account.
      • How do I control my email notifications?
      • How do I update my billing information (e.g. credit card on file)?
    • Onboarding
      • Can Perkville migrate data from other loyalty / rewards software platforms?
      • Is it possible to invite customers with a link in our own emails rather than through Perkville?
      • The reward images that I added look blurry. How can I fix this?
    • Managing emails and names
      • Can you merge two emails into the same account?
      • I would like to correct an email on an account. How do you do that?
      • Can I change which email my customer receives their notifications?
      • Can I remove an email address from a customer's account?
      • Can you change the name of a customer?
      • My customer has two accounts. What should I do?
      • How Do I Change the Email That I Use to Log in to Perkville?
      • My customer does not want to receive emails every time. What should I do?
      • How do I reset my password?
      • Answering "How can I deactivate my Perkville points account?"
    • Points
      • My customer's points are being expired. Why?
      • My customer is missing points. What should I do?
      • How do we add points to a customer or member account?
      • Can you reactivate points that expired?
    • Redemptions
      • A customer accidentally redeemed a reward. What should I do?
    • Referrals
      • Can you reward a customer for referring their friend?
      • Do referral offers expire and if so, is the referral notified?
      • I don't want customers to automatically get referral points. I want to manually complete referrals.
      • Referral submission error for front desk staff
      • How do I check if a referral has been submitted and its status?
Powered by GitBook
LogoLogo
On this page
  • Validating that your password has not been implicated in a prior data breach at a different company
  • What to do if your password has been compromised

Was this helpful?

  1. FAQs
  2. Miscellaneous

Protecting against password reuse

This article describes how Perkville helps protects against credential stuffing, and what you can do to secure your account

Perkville helps protect your account from credential stuffing, a type of attack where previously-gathered credentials from other data breaches (at other products) are used in order to gain access to a different product. Why does this work? Because many users re-use the same passwords across multiple products and services.

The best way to protect yourself from credential stuffing is to use a password manager, such as iCloud Keychain or 1Password, to generate a secure, unique password at every product you or your staff use.

Validating that your password has not been implicated in a prior data breach at a different company

Perkville helps protect your account by, every time you log in, verifying that your password has not previously been implicated in a data breach at another company. How can we verify this? With the help of web application security expert Troy Hunt's Have I Been Pwned (HIBP), a free and oft-updated database of passwords from known data breaches.

When you log in, we hash your password and send the first five bytes of the hash to HIBP's API. They return a list of matching hashes, and we look for a match to your hash. In this way, your password isn't sent to HIBP, but we are able to tell from HIBP if the password has appeared in a prior breach.

HIBP also returns the number of data breaches that have included each password, allowing us to generate a helpful message that includes that number.

These validation steps are sanctioned and strongly recommended by the Open Web Application Security project.

What to do if your password has been compromised

If you see a message like "Your current password has appeared in [ ] data breaches," all you have to do is follow the reset password flow and select a new password.

We strongly recommend using a password manager, such as iCloud Keychain or 1Password, to generate a secure, unique password for every product you use.

If you use that password on any other service, we strongly recomend updating those other service passwords as well.

PreviousMiscellaneousNextIs it possible to pre-populate the email address field on the page for joining the reward program?

Last updated 3 days ago

Was this helpful?