Comments
-
C0D4 66902 5y
Because it sends a partial hashed version to https://haveibeenpwned.com/ using their API and determines it's a compromised password.
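The partial-hash lookup mentioned in the comment above, as an added example that is not part of the thread: the Pwned Passwords range scheme sends only the first five hex characters of the password's SHA-1 digest and matches the remaining 35 locally. The function names, the `FakeRangeService` stand-in for the remote endpoint, the sample passwords and the counts are all constructed for illustration, so it runs without network access.

```python
import hashlib

PREFIX_LEN = 5  # hex characters of the SHA-1 digest sent to the range service


def split_hash(password: str) -> tuple[str, str]:
    """SHA-1 the password and split it into (prefix sent, suffix kept local)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:PREFIX_LEN], digest[PREFIX_LEN:]


def parse_range(body: str) -> dict[str, int]:
    """Parse 'SUFFIX:COUNT' lines; skip blank and malformed lines."""
    counts = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and len(suffix) == 40 - PREFIX_LEN and count.isdigit():
            counts[suffix.upper()] = int(count)
    return counts


def pwned_count(password: str, fetch_range) -> int:
    """Return how often the password appears; 0 means not in the dataset."""
    prefix, suffix = split_hash(password)
    return parse_range(fetch_range(prefix)).get(suffix, 0)


class FakeRangeService:
    """Constructed stand-in for the remote range endpoint (no network)."""

    def __init__(self, leaked: dict[str, int]):
        self.by_hash = {"".join(split_hash(p)): n for p, n in leaked.items()}
        self.seen = []  # everything the "server" ever received

    def __call__(self, prefix: str) -> str:
        self.seen.append(prefix)
        lines = [f"{h[PREFIX_LEN:]}:{n}" for h, n in self.by_hash.items()
                 if h.startswith(prefix)]
        lines.append("0" * 35 + ":0")  # constructed padding entry, count 0
        return "\r\n".join(lines)


def demo():
    # Constructed passwords and counts, not real breach data
    service = FakeRangeService({"password123": 251682, "hunter2": 24230})
    results = {p: pwned_count(p, service)
               for p in ("password123", "hunter2", "kX9#vT2!qLm8@zR4")}
    return results, service.seen


if __name__ == "__main__":
    print(demo())
```

`service.seen` holds everything the stand-in server received: three 5-character prefixes, never a password or a full hash.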
-
@C0D4 It's been long since I created this account. How am I suddenly getting this mail now?
-
olback 10794 5y
@girlwhocodes your password got leaked recently and added to the haveibeenpwned database. That's probably why it started just now.
-
C0D4 66902 5y
@girlwhocodes you logged in for the first time in ages?
Beats me on the "why now" part, I just know the "how"
https://github.blog/2018-07-31-new-...
Turns out they don't use the API, they have a copy of the entire dataset 😦
So... you know, I'd say your password is in there somewhere.
-
@C0D4 it shows 1 breached site. But how may I know which site it could be? Or where may I need to tighten the security?
-
NoMad 13666 5y
Does that to me too. I checked, and was not pwned. So ¯\_(ツ)_/¯
GitHub has gone to shit imho.
-
If your password is weak they just guessed it and found it, just like anyone else could. They basically white hat hacked your password. They are kind enough to tell you that your password can be hacked. So accept their kindness and change your damn password!
-
Haha, I see, the point is that the email was late. Did they integrate such a security notice just recently?
-
@PostMapping("/password/change")
public void changePass(String newPass, Principal user) {
    // Strength is computed from the submitted value while handling the change request
    PasswordStrength strength = determineStrength(newPass);
    userService.updatePass(user.getName(), newPass);
    if (WEAK.equals(strength)) {
        notificationService.schedulePasswordStrengthReminder(user.getName(), strength);
    }
}
// and they don't even need to know what your pass is....
-
NoMad 13666 5y
It is also entirely possible that they were hacked and now "your pass is weak" so they want you to change it before shit hits the fan. I mean, aside from very easy passes, a minimum 8 character pass of upper and lower case and number should not be "weak" per se.
-
sak9625725y
What if someone takes over haveibeenpwned? Then he can create "rock you v2.txt". It's free real estate for passwords.
And why were you reading my password again?