They connect to the Have I Been Pwned database in a secure way.
They make a hash of your password and send just the first characters.
Comment on God ****** dammit, here we go again
AlpacaChariot@lemmy.world 4 months agoHow do they do that without sending your actual passwords somewhere off your device, or downloading the full list of hacked passwords?
Scrollone@feddit.it 4 months ago
JcbAzPx@lemmy.world 4 months ago
The probably hash the list of hacked passwords the same way your passwords get hashed and check for matches.
AlpacaChariot@lemmy.world 4 months ago
Interesting, thanks!
maxwellfire@lemmy.world 4 months ago
More details about the k-anonimity process. blog.cloudflare.com/validating-leaked-passwords-w…