ah yes. type your password in here we totally wont steal it
Comment on Mozilla’s new service tries to wipe your data off the web
Bitrot@lemmy.sdf.org 4 months agoThey are talking about the password lookup: haveibeenpwned.com/Passwords
But, it’s the same deal. You have to trust they are actually doing what they say. Mozilla uses haveibeenpwned for their basic Monitor service too.
ambrosiaforest@lemmy.blahaj.zone 4 months ago
claudiop@lemmy.world 4 months ago
Y’know that you can see the requests your browser makes, right? Mind putting in here a screenshot of HIBP uploading your password or any complete hash of it?
Failing to provide that grants you the “talking shit out of ya ass” award.
Nyfure@kbin.social 4 months ago
To be fair, you can check the code they run or just use the API.
The hash is calculated locally, cut-off and then send, the server returns all hashes it found which start with your one and then you can check if yours in in the list locally.