Comment on God ****** dammit, here we go again
floofloof@lemmy.ca 1 month ago
The thing about this one is no one seems sure of the source, so you don’t know which passwords to change. To be safe you’d have to do all of them.
Some password managers (e.g. Bitwarden) offer an automatic check for whether your actual passwords have been seen in these hack databases, which is a bit more practical than changing hundreds of passwords just in case.
AlpacaChariot@lemmy.world 1 month ago
How do they do that without sending your actual passwords somewhere off your device, or downloading the full list of hacked passwords?
maxwellfire@lemmy.world 1 month ago
More details about the k-anonymity process. blog.cloudflare.com/validating-leaked-passwords-w…
JcbAzPx@lemmy.world 1 month ago
They probably hash the list of hacked passwords the same way your passwords get hashed and check for matches.
AlpacaChariot@lemmy.world 1 month ago
Interesting, thanks!
Scrollone@feddit.it 1 month ago
They connect to the Have I Been Pwned database in a secure way.
They make a hash of your password and send just the first characters.
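An added example, not part of the thread and not any password manager's own code: an offline sketch of the k-anonymity range check the comments above describe. SHA-1 and the 5-character prefix follow the public Pwned Passwords range API; `RangeServer`, `breach_count` and the sample corpus are constructed for illustration.

```python
import hashlib
from collections import Counter

# Constructed sample "breach corpus"; a real service holds a far larger set.
BREACHED = ["password", "123456", "123456", "qwerty", "letmein", "password"]


def sha1_hex(password: str) -> str:
    """Uppercase hex SHA-1, the form used in range responses."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


class RangeServer:
    """Stand-in for the breach service. It only ever receives a hash prefix."""

    def __init__(self, passwords):
        self.counts = Counter(sha1_hex(p) for p in passwords)
        self.seen_queries = []  # everything the server learns about clients

    def range(self, prefix: str) -> str:
        self.seen_queries.append(prefix)
        # Return every known hash sharing the prefix, as SUFFIX:COUNT lines.
        return "\n".join(
            f"{h[5:]}:{n}"
            for h, n in sorted(self.counts.items())
            if h.startswith(prefix)
        )


def breach_count(password: str, server: RangeServer) -> int:
    """Client side: send 5 hex chars, compare the remaining 35 locally."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in server.range(prefix).splitlines():
        candidate, _, count = line.partition(":")
        if candidate == suffix:
            return int(count)
    return 0  # no suffix matched: not in the corpus


if __name__ == "__main__":
    server = RangeServer(BREACHED)
    for pw in ["password", "a long unique passphrase 7431"]:
        print(pw, "->", breach_count(pw, server))
    print("server saw only:", server.seen_queries)
```

The server never receives the password or its full hash; many different passwords share each prefix, so the query alone does not identify which one the client holds.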