Collaborate Disseminate
What if I told you… that you could run a website from behind Cloudflare and only have 385 daily requests miss their cache and go through to the origin service?
No biggy, unless… that was out of a total of more than 166M requests in the same period:
Yep, we
Continue reading To Infinity and Beyond, with Cloudflare Cache Reserve
I think I’ve pretty much captured it all in the title of this post but as of about a day ago, Pwned Passwords now has full parity between the SHA-1 hashes that have been there since day 1 and NTLM hashes. We always had both as a downloadable
Continue reading Pwned Passwords Adds NTLM Support to the Firehose
I feel the need, the need for speed.
Faster, Faster, until the thrill of speed overcomes the fear of death.
If you’re in control, you’re not going fast enough.
And so on and so forth. There’s a time and a place for going fast,
Continue reading I Wanna Go Fast: How Many Pwned Password Queries Can You Make Per Second?
In the last month, there were 1,260,000,000 occasions where a service somewhere checked a password against Have I Been Pwned’s (HIBP’s) Pwned Password API. 99.7% of the time, that check went no further than one of hundreds of Cloudflare edge nodes spread
Continue reading Open Source Pwned Passwords with FBI Feed and 225M New NCA Passwords is Now Live!
It’s increasingly hard to know what to do with data like that from Cit0Day. If that’s an unfamiliar name to you, start with Catalin Cimpanu’s story on the demise of the service followed by the subsequent leaking of the data. The hard bit for me is figuring out whether it’s
[Wladimir Palant] seems to be on a one man crusade against security problems in security software. The name may not be immediately recognizable, but among his other infamies is originating Adblock Plus, which we have a love-hate relationship with. (Look, surf the net with an adblocker, but disable it for …read more
Continue reading This Week in Security: Bitdefender, Ripple20, Starbucks, and Pwned Passwords
Today, almost one year after the release of version 5, I’m happy to release the 6th version of Pwned Passwords. The data set has increased from 555,278,657 known compromised passwords to a grand total of 572,611,621, up 17,332,964 (just over 3%). As with previous
Since launching version 2 of Pwned Passwords with the k-anonymity model just over 2 years ago now, the thing has really gone nuts (read that blog post for background otherwise nothing from here on will make much sense). All sorts of organisations are employing the service to keep passwords from
Continue reading Enhancing Pwned Passwords Privacy with Padding
New cybersecurity threats are continuously emerging in light of our increasingly connected world, AI, 5G, and other enterprise trends. In this ever-changing landscape, there is one constant: passwords remain the primary authentication method for access… Continue reading Pwned Passwords: The Epicenter of Your Cybersecurity Storm
Almost 2 years ago to the day, I wrote about Passwords Evolved: Authentication Guidance for the Modern Era. This wasn’t so much an original work on my behalf as it was a consolidation of advice from the likes of NIST, the NCSC and Microsoft about how we should be doing