Does Hackers know your password

Zangetsu

I am the master of my Fate.
This Chrome plug-in tells you if hackers 'know' your password

PassProtect, the plug-in will inform you that how many times a password you are using has been exposed to data breach.

Go to the login page of your favourite website and enter your password and hit enter. Now you will notice a window pop up warning you: "The password you just entered has been found in 26 data breaches. This password is not safe to use." So, once you dismiss the message, then it is up to you whether you want to change the password or not. But you will not see the same warning again for the same website in the same browser

Source: This Chrome plug-in tells you if hackers 'know' your password | Gadgets Now
 

billubakra

Conversation Architect
So, we install the plugin>>Go to gmail>>Enter our username and password and then the plugin will tell us how many times the password has been breached? If that's the case, then don't you think the plugin itself might be compromised?
 
Last edited:

Flash

Lost in speed
So, we install the plugin>>Go to gmail>>Enter our username and password and then the plugin will tell us how many times the password has been breached? If that's the case, then don't you think the plugin itself might be compromised?
As per that URL, it takes the typed password and cross-verify with haveibeenpwned.com to determine that particular password has involved in any other data breach or not. So So if am correct, lets say your password is "password123", and the plugin checks that password in some kind of centralized password master DB and tells you, "password123" is bad.
 

billubakra

Conversation Architect
As per that URL, it takes the typed password and cross-verify with haveibeenpwned.com to determine that particular password has involved in any other data breach or not. So So if am correct, lets say your password is "password123", and the plugin checks that password in some kind of centralized password master DB and tells you, "password123" is bad.
I get that, but if that plugin is compromised then it knows our username- flash and password- batman.
 

Flash

Lost in speed
I get that, but if that plugin is compromised then it knows our username- flash and password- batman.
maybe the plugin will check the password hash, not the original password itself.
Btw, my password is not batman, its ******.
 

Vyom

The Power of x480
Staff member
Admin
Who in their right mind will try to "check" their password by using a plugin? No matter how much the plugin claims it's not shady, their is NO guarantee.

It's simple, if you have created a strong password, and it's a combination of capital, number and special character and more than 8 characters long, you shouldn't need to worry about it's strength, and if you are in doubt that your password was leaked, just change it. Why you need to "CHECK" if your password is good?

Such plugins are in line with next Cambridge Analytica issue, where user themselves leak their own information.
 

whitestar_999

Super Moderator
Staff member
haveibeenpwned is a known website that has reported some of the largest account data breaches.You can directly go to site & simply enter an email to see if it has been exposed in any breach along with details like whether password associated with that email was breached too or not.

As for strength of the password,nowadays it is more about stealing rather than cracking so besides using a strong password the system/network should be secure too else strength of password is irrelevant.
 

Anorion

Sith Lord
Staff member
Admin
haveibeenpwned is a good resource
you can check with your email id, no need to key in your password
if you have been pwnd, the site will show you your password
 

whitestar_999

Super Moderator
Staff member
^^There are two types of account breaches: 1.in which both email & password are exposed & 2. in which only email is exposed but password is either not exposed or is exposed in an encrypted form.
 
Top Bottom