Monday, September 21, 2020

Have I Been Pwned — which tells you if passwords were breached — is going open source


These days, we almost take it as a given that piss-poor security will inevitably expose some of your usernames and passwords to the world — that’s why 2FA is so important, and why you might want a password checkup tool like the ones now built into every modern browser (well, Safari is coming soon) so you can quickly replace the ones that were stolen.

But nearly all of those password checkup tools owe something to Troy Hunt’s Have I Been Pwned, which was kind of a novel idea when it first launched 7 years ago — and Hunt is now open-sourcing his website codebase so the idea can spread even further.

While not all password checkup tools actually use Hunt’s database (a just-announced LastPass feature calls on one hosted by Enzoic instead), many of them are apparently based on the same “k-Anonymity” API that Cloudflare engineering manager Junade Ali originally designed to support Have I Been Pwned’s tool.

The important idea here is that you want to be able to tell users that their password has been breached without providing an opportunity for bad actors to figure out which passwords those are and make the breach even worse; k-Anonymity uses math to make it harder for hackers.

But Hunt said last year that he doesn’t want to continue this all by himself; he wants the idea to expand. After a failed attempt to get another company to acquire HIBP without compromising on a list of ideals, he’s now going to try to open it all up for the community to contribute.

Note, though, that it’s not quite happening yet. Hunt writes that he doesn’t have a timeline for opening it up, partly because it’s in a messy state, and partly because he wants to make sure he can keep the databases of breached passwords themselves from falling into the wrong hands. At this rate, I imagine it’ll happen before we manage to get rid of passwords altogether, but it might be a ways away.


