Dashlane has this feature and I think it would be good to have it in bitwarden as well.
We could likely introduce some similar features using the HIBP API. https://haveibeenpwned.com/API/v2
Breach report added to web vault.
@kspearrin Unless I am misunderstanding the "Good News, Nothing Found!" mssage, the current implementation seems to only check the bitwarden login email against HIBO. Thats just saving you from going to the HIBO site. Why don't you sweep all the stored sites in the vault, find emails and then provide a checkbox based interface where you ask which of those emails you would like to check and then check each one?
@gkrawiec That's correct. The report is really just there to make people aware of HIBP.
Automatically checking every unique email in your vault against HIBP database would be a violation of their API terms since that would result in an excessive amount API calls to their system.
thanks for the info. Didnt know that.
Yea, their API only allows to check 1 email at a time, so we'd have to spam them.
Could we potentially have a button inside each login details page, allowing to check that login (both email & password) against HIBP? This should be within their terms
EDIT: I see that it's included in the windows desktop program by clicking the checkmark next to the obfuscated password. This would be useful for the web vault as well, and also for the username (if username is an email)
Seconded for checking individual username/emails, as I often use the '+string' feature of gmail (and some others) to filter my email logins and protect against spam/breaches.
@kspearrin OBO the people in this Twitter thread, including Troy Hunt himself, HIBP has no issue with this usage.
@Kesmy We comments back here: https://twitter.com/bitwarden_app/status/1085883055682666496
Excellent, I caught the wrong thread end in that conversation, so missed the official account's reply.