Helping build the next generation of privacy-preserving protocols
December 08, 2020 12:00PM
Today, we’re making several announcements around improving Internet protocols with respect to something important to our customers and Internet users worldwide: privacy....
Pwned Passwords Padding (ft. Lava Lamps and Workers)
March 04, 2020 1:00PM
Starting today, we are offering a new security advancement in the Pwned Passwords API - API clients can receive responses padded with random data....
Banking-Grade Credential Stuffing: The Futility of Partial Password Validation
December 20, 2018 1:00PM
Recently when logging into one of my credit card providers, I was greeted by a familiar screen. After entering in my username, the service asked me to supply 3 random characters from my password to validate ownership of my account....
Using Cloudflare Workers to identify pwned passwords
February 26, 2018 12:04PM
Last week Troy Hunt launched his Pwned Password v2 service which has an API handled and cached by Cloudflare using a clever anonymity scheme. The following simple code can check if a password exists in Troy's database without sending the password to Troy....