New tool safely checks your passwords against a half-billion pwned passwords

EASTER · Feb 25, 2018

Reality said: ↑

Haha right. Tentacles like an octopus. Haven't used an AV for years, but I have recently used Clamwin offline.
I'm sure my isp is throttling. I'm on a cap so wonder if isp would balk at 9GB.
Click to expand...

Funny coincidence you should mention that. Same thing.

My ISP throttles from roughly 5 PM EST until Midnight. Horrid service reaches it's worse at 10PM EST.

On downloads I see 4-10 Kb-s which is useless. The D/L's always give up the ghost and time out after some seconds/minutes.

Most peeps are snugged in bed after midnight. Grrrr. I aim to drive over to them and ask why im not getting the terms agreed to during that period. UGH

Reality · Feb 25, 2018

Minimalist said: ↑

Yes, I agree less info is better. Of course I was using VPN when submitting (like for most browsing nowadays), and even if they new who I was, they wouldn't know for which of my accounts I gave them my password. Enabling 2FA for important accounts helps also.
Click to expand...

I was thinking of ordinary users who don't necessarily use VPN or other measures to obscure ip. I think I'll take on your minimalist namesake here . Less is definitely more.

Reality · Feb 25, 2018

EASTER said: ↑

My ISP throttles from roughly 5 PM EST until Midnight. Horrid service reaches it's worse at 10PM EST.
.... Grrrr...UGH
Click to expand...

Mine is patchy like this as well. It's a royal pain. I plan to get onto them about it as well - fully expecting the passing of the buck.

RockLobster · Feb 25, 2018

EASTER said: ↑

Something on this order im sure is useful and not to take anyway it is trusted, but in all honesty what's to say you enter passwords to be checked and they are STORED or worse yet another entity has some tie-in to the website itself. Just Saying as a highly suspicious user when it comes to entering private data online anything. Again Just saying.
Click to expand...

Yes I thought that too so I only checked a few old passwords I no longer use.

XIII · Feb 25, 2018

Reality said: ↑

9GB
Click to expand...

That's encrypted with 7-Zip.

The actual file is 31.6 GB...

EASTER · Feb 25, 2018

XIII said: ↑

That's encrypted with 7-Zip.

The actual file is 31.6 GB...
Click to expand...

Hah ha. No wonder. I started the download but the ETA was way too off the charts for what feeble bandwidth is distributed to my section of the masses.

Sure though however I could pull that whole base at a library where speeds are infinitely better than my own services.

It is IMO worth the extra trip and effort.

Minimalist · Feb 27, 2018

I Wanna Go Fast: Why Searching Through 500M Pwned Passwords Is So Quick

In the immortal words of Ricky Bobby, I wanna go fast. When I launched Pwned Passwords V2 last week, I made it fast - real fast - and I want to talk briefly here about why that was important, how I did it and then how I've since shaved another 56% off the load time for requests that hit the origin. And a bunch of other cool perf stuff while I'm here.
Click to expand...

https://www.troyhunt.com/i-wanna-go-fast-why-searching-through-500m-pwned-passwords-is-so-quick/

Krusty · Feb 27, 2018

2 passwords I tried were OK, but if you use randomly generated longish passwords and different passwords for each site you shouln't have too much to worry about, right?

RockLobster · Feb 27, 2018

Krusty said: ↑

2 passwords I tried were OK, but if you use randomly generated longish passwords and different passwords for each site you shouln't have too much to worry about, right?
Click to expand...

Yes that and the good thing about generated passwords its easy to change them regularly.

guest · May 23, 2018

Okta’s PassProtect checks your passwords with ‘Have I Been Pwned’
May 23, 2018
https://techcrunch.com/2018/05/23/oktas-passprotect-checks-your-passwords-with-have-i-been-pwned/

Okta just launched a free browser extension for Google Chrome today. After installing PassProtect, your browser will compare the passwords you type with Troy Hunt’s Have I Been Pwned.

The extension uses k-Anonimity to check your password against Hunt’s database securely. Your passwords are never shared with Okta or Have I Been Pwned. The extension is also open source.
Click to expand...

Related:
Chrome plug-in tells you when hackers have your password
And yes, it does have a system to avoid leaking your password itself.
May 23, 2018
https://www.cnet.com/news/chrome-plug-in-tells-when-hackers-have-your-password-okta/

Is this safe?
You might also wonder whether it's safe to use a browser plug-in that accesses and analyzes your passwords. Degges said Okta has built PassProtect to safeguard your password, analyzing it on your computer and never sending a copy of it away from your browser.

Then PassProtect sends the first five characters of that string to a database run by Australian security expert Troy Hunt, who runs the website Have I Been Pwned.
The database sends back a set of hashed passwords that also start with those first five characters. Then PassProtect searches within that smaller set of passwords for yours.
No usernames, yet
The tool doesn't analyze your username, though that's another feature the Okta team would like to add.
Click to expand...

Rasheed187 · May 24, 2018

mood said: ↑

Related:
Chrome plug-in tells you when hackers have your password
And yes, it does have a system to avoid leaking your password itself.
May 23, 2018
https://www.cnet.com/news/chrome-plug-in-tells-when-hackers-have-your-password-okta/
Click to expand...

But is this really a good idea, an extension that is monitoring typed passwords?

guest · Oct 29, 2018

Spybot Identity Monitor
Website

You’ve probably registered on dozens of websites (or more) over the years, giving them your email address, personal data like birth dates and street addresses, and passwords. Spybot Identity Monitor gives you a tool that allows you to check if your information already is in the hand of hackers.

Once started, the program immediately shows an overview of known sources and breaches for the accounts set up.

You can view all details of a breach of your data. In this example you'll see that for example@example.com, even phone numbers and employers were leaked.
Click to expand...

Review:
A look at Spybot Identity Monitor for Windows
October 29, 2018
https://www.ghacks.net/2018/10/29/a-look-at-spybot-identity-monitor-for-windows/

Spybot Identity Monitor is a free software program for Microsoft Windows devices designed to monitor account email addresses using the leak database provided by Have I Been Pwned.

While it is possible to check any email address directly on the service's website and even get notifications when the email is found in a database, some users may prefer to use a program like Spybot Identity Monitor instead as it offers some advantages. [...]
Closing Words
Spybot Identity Monitor is a simple program to monitor email addresses and usernames against the Have I Been Pwned database of leaked account information.

The program offers a better overview in my opinion as you can add as many accounts as you like to it and get information about all of them in the interface. The option to rerun checks on logon is useful if you are particularly worried about accounts.
Click to expand...

guest · Nov 1, 2018

New monitoring tool checks the dark web for stolen credentials
November 01, 2018
https://betanews.com/2018/11/01/monitoring-dark-web-stolen-credentials/

BreachWatch alerts users when their account information is found on the dark web and delivers an in-app alert prompting the user to update their credentials for the sites affected.

"With BreachWatch, we're giving our customers greater online security and peace of mind. If any of their passwords are part of a breached website or application, they'll be quickly notified so they can take necessary action to protect themselves."

BreachWatch works within the Keeper password manager and continuously monitors for compromised credentials. It costs $19.99 per year for all Keeper Unlimited and Family Plan customers.

You can find out more on the Keeper website.
Click to expand...

Introducing BreachWatch by Keeper
https://keepersecurity.com/blog/2018/10/29/introducing-keeper-breachwatch/

xxJackxx · Nov 1, 2018

At what point does this list get long enough that using it would be no more effective than just guessing?

142395 · Nov 3, 2018

xxJackxx said: ↑

At what point does this list get long enough that using it would be no more effective than just guessing?
Click to expand...

Assume each 10,000,000,000 users all have 1,000 diff pwds (none of them overlaps) and all of them are now included in the list. It's still less than 0.15% of 1-8 char pwds made from printable ASCII char.
So, practically, the answer is "never".

Rasheed187 · Nov 10, 2018

mood said: ↑

Spybot Identity Monitor
Website

Review:
A look at Spybot Identity Monitor for Windows
October 29, 2018
https://www.ghacks.net/2018/10/29/a-look-at-spybot-identity-monitor-for-windows/
Click to expand...

Interesting tool, will check it out.

Log in or Sign up

New tool safely checks your passwords against a half-billion pwned passwords

EASTER Registered Member

Reality Registered Member

Reality Registered Member

RockLobster Registered Member

XIII Registered Member

EASTER Registered Member

Minimalist Registered Member

Krusty Registered Member

RockLobster Registered Member

guest Guest

Rasheed187 Registered Member

guest Guest

guest Guest

xxJackxx Registered Member

142395 Guest

Rasheed187 Registered Member

Log in or Sign up

New tool safely checks your passwords against a half-billion pwned passwords

EASTER Registered Member

Reality Registered Member

Reality Registered Member

RockLobster Registered Member

XIII Registered Member

EASTER Registered Member

Minimalist Registered Member

Krusty Registered Member

RockLobster Registered Member

guest Guest

Rasheed187 Registered Member

guest Guest

guest Guest

xxJackxx Registered Member

142395 Guest

Rasheed187 Registered Member

Useful Searches