Validates passwords against common password databases to prevent weak credential selection. Access via MCP in Cursor/Windsurf or REST at `/v1/password/is-common`. Returns boolean indicating if password appears in breach lists like rockyou.txt. Essential for registration flows and security audits where deterministic password strength validation matters.
curl "https://tinyfn.io/v1/password/is-common" \
-H "X-API-Key: YOUR_API_KEY"const response = await fetch('https://tinyfn.io/v1/password/is-common', {
headers: { 'X-API-Key': 'YOUR_API_KEY' }
});
const data = await response.json();
console.log(data);import requests
response = requests.get('https://tinyfn.io/v1/password/is-common',
headers={'X-API-Key': 'YOUR_API_KEY'})
data = response.json()
print(data)Connect your AI agent (Claude, Cursor, Windsurf, etc.) to TinyFn's password tools:
{
"mcpServers": {
"tinyfn-password": {
"url": "https://tinyfn.io/mcp/password",
"headers": {
"X-API-Key": "YOUR_API_KEY"
}
}
}
}Call the is-common-password tool with your password string. It returns true/false based on known breach databases and common password lists.
Checks against curated lists including rockyou.txt, have-i-been-pwned compilations, and other security research datasets containing millions of compromised passwords.
No, passwords are processed ephemerally for comparison only. The tool performs deterministic lookups without storing input data.
Yes, perfect for real-time password validation. Use the REST endpoint in forms or the MCP tool in AI-powered registration assistants.
Complexity rules check patterns (length, characters) while this checks actual breach history. A 12-character password can still be common if it's 'Password123!'.
Get your free API key and start using Is Common Password in seconds.
Get Free API Key