Browser: Support for the Pwned Passwords service

Created on 22 Feb 2018 · 2 Comments · Source: bitwarden/browser

Hello,

I just heard about the Pwned Passwords service by Troy Hunt, and thought that it would be a great addition to Bitwarden.

In short, Pwned Passwords is a service where you can send a password/SHA-1 hash/5-char prefix of a SHA-1, and the service will return the number of hits for the sent value. For the first two, it will return the number of hits for that specific password/password-hash, while for the 5-char prefix search, it will return a list of SHA-1 suffixes one can match the rest of the SHA-1 against.

Especially the last version, with a 5-char prefix of the SHA-1, might be interesting to have implemented as a form of validation client-side - if only to show a notice saying "Hey, this password has been found in X data breaches, and thus might be unsafe" when storing a new password. Further, by using the 5-char prefix version, neither the password nor the password hash is exposed over the web.

And here's a blog post from Troy Hunt about it: https://www.troyhunt.com/ive-just-launched-pwned-passwords-version-2/
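
The 5-char prefix lookup described in the post above, as an added example that is not part of the original issue and is not Bitwarden's code. It assumes the range response is one `SUFFIX:COUNT` pair per line; `fetchRange` is a hypothetical injected function and the sample response body is constructed.

```javascript
const { createHash } = require('node:crypto');

// Hash locally; only the first 5 hex characters ever leave the client.
function splitHash(password) {
  const hex = createHash('sha1').update(password, 'utf8').digest('hex').toUpperCase();
  return { prefix: hex.slice(0, 5), suffix: hex.slice(5) };
}

// Match our 35-char suffix against the returned list (assumed format:
// "SUFFIX:COUNT" per line). Returns the hit count, or 0 when absent.
function countInRange(suffix, body) {
  for (const line of body.split(/\r?\n/)) {
    const [candidate, count] = line.trim().split(':');
    if (candidate && candidate.toUpperCase() === suffix) {
      const n = Number.parseInt(count, 10);
      // A listed suffix with an unreadable count still counts as breached.
      return Number.isInteger(n) ? n : 1;
    }
  }
  return 0;
}

// fetchRange (hypothetical): prefix -> Promise resolving to the response body.
async function pwnedCount(password, fetchRange) {
  const { prefix, suffix } = splitHash(password);
  return countInRange(suffix, await fetchRange(prefix));
}

// Constructed sample response for prefix 5BAA6; the counts are made up.
const SAMPLE_BODY = [
  '0018A45C4D1DEF81644B54AB7F969B88D65:3',
  '1E4C9B93F3F0682250B6CF8331B7EE68FD8:42',
  '00D4F6E8FA6EECAD2A3AA415EEC418D38EC:2',
].join('\r\n');

// Stand-in for the network call that records what would be sent.
const sentPrefixes = [];
const fakeFetchRange = async (prefix) => {
  sentPrefixes.push(prefix);
  return SAMPLE_BODY;
};

pwnedCount('password', fakeFetchRange).then((hits) => {
  console.log(`sent: ${sentPrefixes.join(',')}  hits: ${hits}`);
});
```
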

All 2 comments

This is indeed a nice addition, although I have to say not something to prioritize in my opinion.
Maybe good to add that 1Password trusts the service and already started the integration: https://blog.agilebits.com/2018/02/22/finding-pwned-passwords-with-1password/

This will be in the next release.
