This article discusses the use of HaveIBeenPwnded to check whether an account you owned may have been compromised. Good for them. Public service. But, then…
The article continues to say, to check whether any of your passwords have been checked, go to the password tab and enter any passwords you have ever used to see if they’ve been compromised.
So I’ve already entered my email address, and now I’m supposed to enter any passwords I’ve ever used? Ummm…
Talk about fast tracking someone to lose their identity
I know that they’re trying to provide a public service and help people out, but this is not the way to go about it…
Troy’s been running HIBP for years and tbh I feel like the password entry is one of those… “If you’re going to type your password into a (random) website, your password is probably on this list.” honeypots.
The lookup service is still a good one though - your email is already mostly public data anyway.
It’s about time something like this has become available. If only there would be similar for credit card numbers, maiden names, school mascots and first automobiles I’d feel much more secure
Many years ago, when online fraud was new, I was warned by a concerned police inspector that a card number of mine was found in a suspected group’s possession.
I still use that same card (with no credit) for online purchases and pay services.
