When you set or update your password on our platform, we take an extra step to help keep your account safe. We check the password you've chosen against a large, publicly available database of passwords known to have been exposed in past data breaches.
This database is maintained by “Have I Been Pwned”, a trusted resource created by renowned security researcher Troy Hunt. By doing this, we help ensure you're not using a password that may already be compromised—making your account more secure from the start.
How it Works (and what it means for you):
1. You Enter Your Desired Password: When you type in your new password.
2. We Check it Securely: Before we store your password, we perform a privacy-conscious check to see if it appears in the "Have I Been Pwned" dataset of known compromised passwords. To do this securely, we don’t use your actual password—instead, we use a cryptographic hash (a one-way representation of your password).
Your full password is never sent to any third-party service, and we never store or view it in a readable form. This check is specifically designed to protect your privacy while helping to keep your account safe.
3. If a Match is Found: If the hashed version of your password appears in the dataset, it means that the exact same password has been exposed in a previous data breach, but not from our platform. This indicates that the password may be widely known and could put your account at risk.
4. Why We Alert You: We notify you if your chosen password has appeared in a previous data breach because once a password is exposed, it’s no longer secure. Hackers often use lists of leaked passwords to try to gain access to accounts across the internet.
Using a compromised password makes your VALR account more vulnerable.
5. What To Do: If we let you know that your chosen password has appeared in a past breach, you’ll need to select a different one. Make sure it’s unique and not used on any other site. Choosing a strong, original password greatly improves the security of your account and helps protect your information.
You can find tips designed to help you create a secure password for your VALR account here.
Important:
- If we flag your chosen password, it does NOT mean your account with us has been breached. This means the password you are trying to set is already compromised by other incidents on the internet, and we are preventing you from using it to protect your account with us.
- We never send your actual password to any third-party service, nor do we see or store your password in a way that we can read it.