Comment on God ****** dammit, here we go again
floofloof@lemmy.ca 15 hours ago
The thing about this one is no one seems sure of the source, so you don’t know which passwords to change. To be safe you’d have to do all of them.
Some password managers (e.g. Bitwarden) offer an automatic check for whether your actual passwords have been seen in these hack databases, which is a bit more practical than changing hundreds of passwords just in case.
AlpacaChariot@lemmy.world 13 hours ago
How do they do that without sending your actual passwords somewhere off your device, or downloading the full list of hacked passwords?
maxwellfire@lemmy.world 6 hours ago
More details about the k-anonymity process. blog.cloudflare.com/validating-leaked-passwords-w…
JcbAzPx@lemmy.world 13 hours ago
They probably hash the list of hacked passwords the same way your passwords get hashed and check for matches.
AlpacaChariot@lemmy.world 13 hours ago
Interesting, thanks!
Scrollone@feddit.it 8 hours ago
They connect to the Have I Been Pwned database in a secure way.
They make a hash of your password and send just the first characters.
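
The prefix-only lookup discussed in this thread, as an added example that is not part of any comment and is not Bitwarden's or Have I Been Pwned's own code. It uses SHA-1 and a five-hex-character prefix, as the Pwned Passwords range API does; `RangeServer` is a hypothetical local stand-in for that service and the breached-password list is constructed sample data.

```python
import hashlib
from collections import defaultdict

PREFIX_LEN = 5  # hex characters of the SHA-1 digest that leave the device


def sha1_hex(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


class RangeServer:
    """Hypothetical stand-in for the breach service; holds only hashes."""

    def __init__(self, breached_counts):
        self._buckets = defaultdict(dict)
        for pw, count in breached_counts.items():
            digest = sha1_hex(pw)
            self._buckets[digest[:PREFIX_LEN]][digest[PREFIX_LEN:]] = count
        self.seen_queries = []  # everything the server ever learns from clients

    def range_query(self, prefix):
        self.seen_queries.append(prefix)
        bucket = self._buckets.get(prefix, {})
        # One "SUFFIX:COUNT" line per breached hash sharing this prefix.
        return "\n".join(f"{s}:{c}" for s, c in sorted(bucket.items()))


def breach_count(password, server):
    """Return how often the password appears in the breach set (0 if never)."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:PREFIX_LEN], digest[PREFIX_LEN:]
    body = server.range_query(prefix)  # only the prefix is sent
    for line in body.splitlines():
        candidate, _, count = line.partition(":")
        if candidate == suffix:  # the match is decided locally, on the client
            return int(count)
    return 0


if __name__ == "__main__":
    # Constructed sample data, not a real breach list.
    server = RangeServer({"password": 1000, "123456": 5000, "hunter2": 17})
    for pw in ("hunter2", "a-long-unique-passphrase-7431"):
        print(pw, "->", breach_count(pw, server))
    print("server saw only:", server.seen_queries)
```

The server's view is limited to `seen_queries`, which is why neither the password nor its full hash has to leave the device and the client never has to download the whole list.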