Opened 6 years ago
Last modified 6 years ago
#14837 new enhancement
Check BKeyStore passwords on haveibeenpwned.com
| Reported by: | kallisti5 | Owned by: | nobody |
|---|---|---|---|
| Priority: | low | Milestone: | Unscheduled |
| Component: | Kits/Application Kit | Version: | R1/Development |
| Keywords: | BKeyStore credential | Cc: | |
| Blocked By: | Blocking: | ||
| Platform: | All |
Description
haveibeenpwned.com now offers a service which accepts an anonymized password hash, and reports the number of times it has been found on compromised sites,databases,etc.
Our BKeyStore could (optionally) look-up passwords on this database, and warn users.
If we went this route, i'd want Haiku, Inc. to throw a small donation at haveibeenpwned.com since it's a pretty awesome service.
Note:
See TracTickets
for help on using tickets.
I've always wondered if such services would not in fact collect the passwords one is testing with? But that new API seems to make more sense, at least.
I don't think it's up to BKeyStore itself to do this, however (sometimes you can't even choose your password for online services...). But any place where we allow the user to set or generate a password, yes.