Pwned Passwords Padding (ft. Lava Lamps and Workers)
March 04, 2020 1:00PM
Starting today, we are offering a new security advancement in the Pwned Passwords API - API clients can receive responses padded with random data....
Banking-Grade Credential Stuffing: The Futility of Partial Password Validation
December 20, 2018 1:00PM
Passwords SecurityRecently when logging into one of my credit card providers, I was greeted by a familiar screen. After entering in my username, the service asked me to supply 3 random characters from my password to validate ownership of my account....
Using Cloudflare Workers to identify pwned passwords
February 26, 2018 12:04PM
Passwords Developers Serverless Cloudflare Workers SecurityLast week Troy Hunt launched his Pwned Password v2 service which has an API handled and cached by Cloudflare using a clever anonymity scheme. The following simple code can check if a password exists in Troy's database without sending the password to Troy....
Validating Leaked Passwords with k-Anonymity
February 21, 2018 7:00PM
Passwords Best Practices SecurityToday, v2 of Pwned Passwords was released as part of the Have I Been Pwned service offered by Troy Hunt. Containing over half a billion real world leaked passwords, this database provides a vital tool for correcting the course of how the industry combats modern threats against password security....
How Developers got Password Security so Wrong
February 21, 2018 7:00PM
Passwords Best Practices Security DevelopersBoth in our real lives, and online, there are times where we need to authenticate ourselves - where we need to confirm we are who we say we are. This can be done using three things....
More Posts