Passwords are the most common way to protect our accounts. That's why we should use a strong, unique password for each online account. But because we have so many accounts on various websites and platforms, simply remembering them all isn't realistic. For this reason, many of us use a password management app to keep track of them. HaveIBeenPwned.com (HIBP) and Google Chrome's password manager are among the most popular tools. The former also allows us to see whether our accounts were hacked.
Recently, HIBP's creator Troy Hunt announced two major updates for the service. The more interesting of the two is a partnership with the FBI. This simply means the FBI will feed data from breaches into the service, increasing the amount of data available for anyone to check online.
HIBP also now allows us to check whether our Facebook accounts were included in the data-scraping breach that collected personal information from more than 533 million accounts a few years ago. If you remember, the database became widely available a few months ago.
HIBP Made Two Updates
A couple of days ago, Hunt said that HIBP is going open source with the help of the .NET Foundation. For those who aren't sure what this means, it will allow more people to run similar services in the future:
So, I can proverbially ‘lift and shift’ Pwned Passwords into open source land in a pretty straightforward fashion which makes it the obvious place to start. It’s also great timing because as I said earlier, it’s now an important part of many online services and this move ensures that anybody can run their own Pwned Passwords instance if they so choose. My hope is that this encourages greater adoption of the service both due to the transparency that opening the code base brings with it and the confidence that people can always ‘roll their own’ if they choose. Maybe they don’t want the hosted API dependency, maybe they just want a fallback position should I ever meet an early demise in an unfortunate jet ski accident. This gives people choices.
As for the second major change, as noted above, HIBP is collaborating with the FBI. The FBI regularly investigates hacks and data breaches, and so it keeps track of compromised accounts.
[The] FBI reached out and we began a discussion about what it might look like to provide them with an avenue to feed compromised passwords into HIBP and surface them via the Pwned Passwords feature. Their goal here is perfectly aligned with mine and, I dare say, with the goals of most people reading this: to protect people from account takeovers by proactively warning them when their password has been compromised. Feeding these passwords into HIBP gives the FBI the opportunity to do this almost 1 billion times every month. It’s good leverage 🙂 [sic]