Google Adds Password Checkup Feature to Chrome Browser
Google’s new password checkup tool joins other similar services including Have I Been Pwned and Mozilla’s Firefox Monitor. Continue reading Google Adds Password Checkup Feature to Chrome Browser
Category Archives: Have I been pwned?
Chrome users ignoring warnings to change breached passwords
If you were told that the password you had just entered was known to have been compromised in a data breach, what would you do? Continue reading Chrome users ignoring warnings to change breached passwords
Why would I ‘have been pwned’ on a website that I never had an account on?
I was recently sent a notification by https://haveibeenpwned.com/ that one of my email addresses has been found in a breach, in particular in a breach of https://www.chegg.com. I am positive I never signed up for an account t… Continue reading Why would I ‘have been pwned’ on a website that I never had an account on?
Hacking forum spills rival’s 321,000 member database
When users of hacking forums turn on each other, expect things to get messy quickly. Continue reading Hacking forum spills rival’s 321,000 member database
Welcoming the Irish Government to Have I Been Pwned
Over the last year and a bit I’ve been working to make more data in HIBP freely available to governments around the world that want to monitor their own exposure in data breaches. Like the rest of us, governments regularly rely on services that fall victim to attacks resulting in
Continue reading Welcoming the Irish Government to Have I Been Pwned
Is super paranoid use of HaveIBeenPawned password API going to help?
They way I understand HaveIBeenPawned password API is that it’s a safe system because the site “can’t do much with my partial hash even if they wanted to”. But is that really true?
Is the following scenario feasible?
… Continue reading Is super paranoid use of HaveIBeenPawned password API going to help?
Is there a reason why I should not use the HaveIBeenPwned API to warn users about exposed passwords?
There’s lots of talk about the HaveIBeenPwned password checker which can securely tell users if their password appears in one of their known data dumps of passwords.
This tool has a publically available API behind it which w… Continue reading Is there a reason why I should not use the HaveIBeenPwned API to warn users about exposed passwords?
Sextortion with actual password not found in leaks
I have received one of those typical sextortion scams (“drive-by exploit”, filmed by webcam (mine has tape on it), pay bitcoin etc.). The thing is that an old password of mine is included (I don’t even remember where I used i… Continue reading Sextortion with actual password not found in leaks
Firefox to pile on more native privacy features
Mozilla is integrating its Lockwise password manager directly into the browser and expanding its support for the Have I Been Pwned website. Continue reading Firefox to pile on more native privacy features
Authentication and the Have I Been Pwned API
The very first feature I added to Have I Been Pwned after I launched it back in December 2013 was the public API. My thinking at the time was that it would make the data more easily accessible to more people to go and do awesome things; build mobile clients,
Continue reading Authentication and the Have I Been Pwned API