Comment on God ****** dammit, here we go again
floofloof@lemmy.ca 3 weeks ago
The thing about this one is no one seems sure of the source, so you don’t know which passwords to change. To be safe you’d have to do all of them.
Some password managers (e.g. Bitwarden) offer an automatic check for whether your actual passwords have been seen in these hack databases, which is a bit more practical than changing hundreds of passwords just in case.
AlpacaChariot@lemmy.world 3 weeks ago
How do they do that without sending your actual passwords somewhere off your device, or downloading the full list of hacked passwords?
maxwellfire@lemmy.world 3 weeks ago
More details about the k-anonymity process. blog.cloudflare.com/validating-leaked-passwords-w…
JcbAzPx@lemmy.world 3 weeks ago
They probably hash the list of hacked passwords the same way your passwords get hashed and check for matches.
AlpacaChariot@lemmy.world 3 weeks ago
Interesting, thanks!
Scrollone@feddit.it 3 weeks ago
They connect to the Have I Been Pwned database in a secure way.
They make a hash of your password and send just the first characters.