Enhancing Pwned Passwords Privacy by Exclusively Supporting Anonymity

When I launched Pwned Passwords in August, I honestly didn’t know how much it would be used. I made 320M SHA-1 password hashes downloadable and also stood up an API to query the data “as a service” by either a plain text password or a SHA-1 hash. (Incidentally,…

Have I Been Pwned is Now Partnering With 1Password

The penny first dropped for me just over 7 years ago to the day: The only secure password is the one you can’t remember. In an era well before the birth of Have I Been Pwned (HIBP), I was doing a bunch of password analysis on data breaches and wouldn’t…

The Legitimisation of Have I Been Pwned

There’s no way to sugar-coat this: Have I Been Pwned (HIBP) only exists due to a whole bunch of highly illegal activity that has harmed many individuals and organisations alike. That harm extends all the way from those in data breaches feeling a sense of personal violation (that’s certainly how…

Is it safe to check password against the HIBP Pwned Passwords API during account registration?

A user registers an account on a web app. Passwords are salted and hashed.
But is it safe to check the password against the HIBP Pwned Passwords API, before salting and hashing it? Of course the app uses TLS.

So if the password is found on any…

The UK and Australian Governments Are Now Monitoring Their Gov Domains on Have I Been Pwned

If I’m honest, I’m constantly surprised by the extent of how far Have I Been Pwned (HIBP) is reaching these days. This is a little project I started whilst killing time in a hotel room in late 2013 after thinking “I wonder if people actually know where their data…

I Wanna Go Fast: Why Searching Through 500M Pwned Passwords Is So Quick

In the immortal words of Ricky Bobby, I wanna go fast. When I launched Pwned Passwords V2 last week, I made it fast – real fast – and I want to talk briefly here about why that was important, how I did it and then how I’ve since shaved another…
