Does Hackers know your password

Discussion in 'Internet & WWW' started by Zangetsu, May 29, 2018.

  1. Zangetsu

    Zangetsu PM me for any queries in digirForum!

    Joined:
    Jan 8, 2008
    Messages:
    10,094
    Likes Received:
    159
    Trophy Points:
    63
    Location:
    Soul Society
    This Chrome plug-in tells you if hackers 'know' your password

    PassProtect, the plug-in will inform you that how many times a password you are using has been exposed to data breach.

    Go to the login page of your favourite website and enter your password and hit enter. Now you will notice a window pop up warning you: "The password you just entered has been found in 26 data breaches. This password is not safe to use." So, once you dismiss the message, then it is up to you whether you want to change the password or not. But you will not see the same warning again for the same website in the same browser

    Source: This Chrome plug-in tells you if hackers 'know' your password | Gadgets Now
     
  2. billubakra

    billubakra Well-Known Member

    Joined:
    Dec 18, 2012
    Messages:
    3,138
    Likes Received:
    238
    Trophy Points:
    63
    So, we install the plugin>>Go to gmail>>Enter our username and password and then the plugin will tell us how many times the password has been breached? If that's the case, then don't you think the plugin itself might be compromised?
     
    Last edited: May 29, 2018
  3. Flash

    Flash Agent of Speed

    Joined:
    Jul 18, 2010
    Messages:
    5,055
    Likes Received:
    133
    Trophy Points:
    63
    Location:
    <Classified>
    As per that URL, it takes the typed password and cross-verify with haveibeenpwned.com to determine that particular password has involved in any other data breach or not. So So if am correct, lets say your password is "password123", and the plugin checks that password in some kind of centralized password master DB and tells you, "password123" is bad.
     
  4. billubakra

    billubakra Well-Known Member

    Joined:
    Dec 18, 2012
    Messages:
    3,138
    Likes Received:
    238
    Trophy Points:
    63
    I get that, but if that plugin is compromised then it knows our username- flash and password- batman.
     
  5. Flash

    Flash Agent of Speed

    Joined:
    Jul 18, 2010
    Messages:
    5,055
    Likes Received:
    133
    Trophy Points:
    63
    Location:
    <Classified>
    maybe the plugin will check the password hash, not the original password itself.
    Btw, my password is not batman, its ******.
     
    Vyom likes this.
  6. billubakra

    billubakra Well-Known Member

    Joined:
    Dec 18, 2012
    Messages:
    3,138
    Likes Received:
    238
    Trophy Points:
    63
    No guarantee about that.
    I more interested in your atm pin lol
     
  7. Vyom

    Vyom The Power of x480

    Joined:
    May 16, 2009
    Messages:
    6,212
    Likes Received:
    183
    Trophy Points:
    63
    Location:
    "New" New Delhi
    I tried hacking you with ******. I couldn't.
    Liar. :|
     
  8. TigerKing

    TigerKing Active Member

    Joined:
    Dec 24, 2016
    Messages:
    507
    Likes Received:
    55
    Trophy Points:
    28
    Location:
    Mumbai
    And that website selling data to hackers..
     
  9. Vyom

    Vyom The Power of x480

    Joined:
    May 16, 2009
    Messages:
    6,212
    Likes Received:
    183
    Trophy Points:
    63
    Location:
    "New" New Delhi
    Who in their right mind will try to "check" their password by using a plugin? No matter how much the plugin claims it's not shady, their is NO guarantee.

    It's simple, if you have created a strong password, and it's a combination of capital, number and special character and more than 8 characters long, you shouldn't need to worry about it's strength, and if you are in doubt that your password was leaked, just change it. Why you need to "CHECK" if your password is good?

    Such plugins are in line with next Cambridge Analytica issue, where user themselves leak their own information.
     
    billubakra likes this.
  10. whitestar_999

    whitestar_999 Super Moderator

    Joined:
    Nov 7, 2011
    Messages:
    8,144
    Likes Received:
    813
    Trophy Points:
    113
    Location:
    NCR
    haveibeenpwned is a known website that has reported some of the largest account data breaches.You can directly go to site & simply enter an email to see if it has been exposed in any breach along with details like whether password associated with that email was breached too or not.

    As for strength of the password,nowadays it is more about stealing rather than cracking so besides using a strong password the system/network should be secure too else strength of password is irrelevant.
     
    billubakra and Vyom like this.
  11. Anorion

    Anorion Sith Lord Staff Member Admin

    Joined:
    Oct 10, 2008
    Messages:
    4,159
    Likes Received:
    204
    Trophy Points:
    63
    haveibeenpwned is a good resource
    you can check with your email id, no need to key in your password
    if you have been pwnd, the site will show you your password
     
  12. OP
    OP
    Zangetsu

    Zangetsu PM me for any queries in digirForum!

    Joined:
    Jan 8, 2008
    Messages:
    10,094
    Likes Received:
    159
    Trophy Points:
    63
    Location:
    Soul Society
    No body can be trusted in this world
     
    TigerKing likes this.
  13. TigerKing

    TigerKing Active Member

    Joined:
    Dec 24, 2016
    Messages:
    507
    Likes Received:
    55
    Trophy Points:
    28
    Location:
    Mumbai
    It says
    Pwned on 1 breached site and found no pastes

    There is no password shown..
     
    billubakra likes this.
  14. Flash

    Flash Agent of Speed

    Joined:
    Jul 18, 2010
    Messages:
    5,055
    Likes Received:
    133
    Trophy Points:
    63
    Location:
    <Classified>
    Check for your password here - Have I Been Pwned: Pwned Passwords
     
    billubakra likes this.
  15. TigerKing

    TigerKing Active Member

    Joined:
    Dec 24, 2016
    Messages:
    507
    Likes Received:
    55
    Trophy Points:
    28
    Location:
    Mumbai
    I already found that.
    I wasn't asking for that.

    if you have been pwnd, the site will show you your password

    As per @Anorion
     
  16. whitestar_999

    whitestar_999 Super Moderator

    Joined:
    Nov 7, 2011
    Messages:
    8,144
    Likes Received:
    813
    Trophy Points:
    113
    Location:
    NCR
    ^^There are two types of account breaches: 1.in which both email & password are exposed & 2. in which only email is exposed but password is either not exposed or is exposed in an encrypted form.
     
    TigerKing likes this.

Share This Page