OPAQUE: The Best Passwords Never Leave your Device
December 08, 2020 12:00PM
Imagine passwords for online services that never leave your device, encrypted or otherwise. OPAQUE is a new cryptographic protocol that makes this idea possible, giving you and only you full control of your password....
Pwned Passwords Padding (ft. Lava Lamps and Workers)
March 04, 2020 1:00PM
Starting today, we are offering a new security advancement in the Pwned Passwords API - API clients can receive responses padded with random data....
Banking-Grade Credential Stuffing: The Futility of Partial Password Validation
December 20, 2018 1:00PM
Recently when logging into one of my credit card providers, I was greeted by a familiar screen. After entering in my username, the service asked me to supply 3 random characters from my password to validate ownership of my account....
Using Cloudflare Workers to identify pwned passwords
February 26, 2018 12:04PM
Last week Troy Hunt launched his Pwned Password v2 service which has an API handled and cached by Cloudflare using a clever anonymity scheme. The following simple code can check if a password exists in Troy's database without sending the password to Troy....
February 21, 2018 7:00PM
Validating Leaked Passwords with k-Anonymity
Today, v2 of Pwned Passwords was released as part of the Have I Been Pwned service offered by Troy Hunt. Containing over half a billion real world leaked passwords, this database provides a vital tool for correcting the course of how the industry combats modern threats against password security....