Greetings. On Thu, 17 Jan 2019 14:48:04 -0800, Pass Word <[email protected]> wrote: > Someone asked on irc today for an option to check passwords against > the Have I Been Pwned website to see if they are already > compromised. It is probably extremely rare for a password generated > with pass to already be on there but whatever, it is still somewhat > useful to check other passwords you might have stored in pass.
I wouldn't say that finding a pass-generated password listed on Have I
Been Pwned is "extremely rare" -- the breaches recorded there
come from websites that stored passwords insecurely (such as in
plaintext). So no matter how secure a password you chose for such a
website, it will still be catalogued on HIBP.
I do generate all my passwords randomly, and use a unique password on
each site. Still, it's important for me to know if any of these are
compromised so that I can change the password on the affected site.
Thanks to the other posters in this thread for sharing the tools they
use to mass-check the password store against HIBP in a secure way.
Regards,
Tristan
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Tristan Miller
Free Software developer, ferret herder, logologist
https://logological.org/
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
pgpi4LedIRhz6.pgp
Description: OpenPGP digital signature
_______________________________________________ Password-Store mailing list [email protected] https://lists.zx2c4.com/mailman/listinfo/password-store
