HaveIBeenPwned password verification

March 5, 2018

The HaveIBeenPwned website has been enhanced with a new feature. Previously, it could be used to check whether individual e-mail addresses were present in the database. It was also possible to download databases of SHA1 hashes of disclosed passwords and check whether a password is “known”, that is, whether it had previously been used by someone who had lost it.

A new verification option has been available for several days. It uses a dedicated API and instantly checks whether the password entered in the web app is already known “to the public”.

HaveIBeenPwned – verification by the first characters

To avoid accusations of password gathering, the solution sends only the first characters of the password's hash after the password is entered in the application. In response, the application receives all entries from the SHA1 database that begin with those characters, and the user can then check on their own side whether the password is among them and decide whether to keep using it.

Source: HaveIBeenPwned
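
The prefix-based lookup described above, sketched as an added example that is not part of the original article or HaveIBeenPwned's own code. It assumes the public range endpoint at `api.pwnedpasswords.com`, a 5-character hash prefix and `SUFFIX:COUNT` response lines; the passwords, counts and `fake_fetch` response are constructed so the demo runs offline.

```python
import hashlib
import urllib.request

PREFIX_LEN = 5  # assumption from the public range API: first 5 hex chars of the SHA-1

def split_hash(password):
    """Return (prefix, suffix) of the upper-case SHA-1 hex digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:PREFIX_LEN], digest[PREFIX_LEN:]

def fetch_range(prefix):
    """Live lookup; only the hash prefix is sent over the network."""
    url = "https://api.pwnedpasswords.com/range/" + prefix
    req = urllib.request.Request(url, headers={"User-Agent": "range-example"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")

def count_in_range(suffix, body):
    """Search the 'SUFFIX:COUNT' lines of a range response for our suffix."""
    for line in body.splitlines():
        candidate, sep, count = line.strip().partition(":")
        if sep and candidate.upper() == suffix:
            return int(count)  # a count of 0 is treated as "not found"
    return 0

def pwned_count(password, fetch=fetch_range):
    """Occurrences of the password in the breach set; matching is done locally."""
    prefix, suffix = split_hash(password)
    return count_in_range(suffix, fetch(prefix))

# --- offline demo with a constructed response (not real API data) ---
SENT = []  # records everything that would have left the machine

def fake_fetch(prefix):
    SENT.append(prefix)
    _, known = split_hash("constructed-leaked-password")
    decoy = "0" * len(known)  # constructed non-matching entry
    return f"{decoy}:3\r\n{known}:42\r\n"

if __name__ == "__main__":
    print(pwned_count("constructed-leaked-password", fake_fetch))
    print(pwned_count("another-constructed-password", fake_fetch))
    print(SENT)  # only 5-character prefixes, never the password or full hash
```

Passing no `fetch` argument to `pwned_count` performs the live query instead of the constructed one.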


Published by: Piotr Mierzwiński
