Opened 18 months ago

Last modified 18 months ago

#14837 new enhancement

Check BKeyStore passwords on

Reported by: kallisti5 Owned by: nobody
Priority: low Milestone: Unscheduled
Component: Kits/Application Kit Version: R1/Development
Keywords: BKeyStore credential Cc:
Blocked By: Blocking:
Platform: All

Description now offers a service which accepts an anonymized password hash, and reports the number of times it has been found on compromised sites,databases,etc.

Our BKeyStore could (optionally) look-up passwords on this database, and warn users.

If we went this route, i'd want Haiku, Inc. to throw a small donation at since it's a pretty awesome service.

Change History (1)

comment:1 by pulkomandy, 18 months ago

I've always wondered if such services would not in fact collect the passwords one is testing with? But that new API seems to make more sense, at least.

I don't think it's up to BKeyStore itself to do this, however (sometimes you can't even choose your password for online services...). But any place where we allow the user to set or generate a password, yes.

Note: See TracTickets for help on using tickets.