Nerdy leaked passwords:
Treebeard - “This password has been seen 1,207 times before in data breaches!”
NedStark - 20 times
CerseiLannister - 30 times
youknownothingjonsnow - 61 times
PicardIsSexy - 0 times (!The_Picard_Maneuver@piefed.world you’re safe. ;)
edit:
Gandalf1 - 53,478
Gandalfthewhite - 51
sexygandalf - 6
NSFW leaked passwords:
spoiler
bigdick - 178,712 (!?!)
bigpussy - 9,226
longpussy - 26
longdick - 10,762
wetpussy - 61,575
wetdick - 579
twat - 6,588
dickhead - 201,942
Blueballs69 - 520
Weird leaked passwords:
BillClinton - 378
DonaldTrump123 - 792
youwillneverguessmypassword - 390
redgreenblue - 2,040
123qweasdzxc - 1,010,515
poopstick - 6,845
((More to come later))
For those worried about inputting a password into a tool like this, they’ve actually done a great job keeping your pass secure.
Passwords entered on this site do not get transmitted to the server. Instead, they are hashed, then only the first half of the hash is sent to the server. The server replies with a list of every password hash they’ve found in leaks that match the partial hash you sent them. Your computer then looks through the list and tells you if the password you entered (which was kept on your pc, not transmitted) exists in that list.
From Haveibeenpwneds perspective; they sent you a big list of potential matches, but don’t know which one if any actually matches your password, because they were never given the full hash, let alone the raw password.
There’s even an open-source script you can run that does this within a console instead of a browser. Or, you can download their whole password DB via their github tools, then check it entirely offline.
So, a malicious JavaScript library update then…
The open-source local script might be better, I’ll have to check into that!
You could say the same about every password entry field; but that’s why there are local/alternative options here.
I don’t know if I want to be putting my passwords in to something like this lol
If you’re worried, send them to me and I’ll check for you.
hunter2
Yeah that one is used, you should change it
I just see *******
FYI: hunter2 was used by 65,744 accounts. hahaha
I am both impressed and horrified by this fact.
yezzir
deleted by creator
It makes a cryptographically-secure hash of the password you enter, then truncates that before sending it to the server so the only information they get would be in common with a huge number of other passwords. They then send back the leaked passwords with the same truncated hash, and your computer checks to see if what you’ve entered matches anything on the list. It’s not practical to send the whole list for every query as there’s just too much data, but if you don’t trust their site, you can just download the whole list and check against it yourself.
They’re missing a real opportunity here- when someone enters the “password” 12345, which 31,033,620 times by the way, their page should immediately display this
This functionality is built-in to bitwarden, they can safely check your entire vault for known breaches
