Thanks Thanks:  0
Likes Likes:  2
Results 1 to 2 of 2
  1. #1
    Join Date
    Mar 2004
    Location
    Ottawa, Canada
    Posts
    35,676
    Mentioned
    21 Post(s)
    Tagged
    0 Thread(s)

    Browser add-on alerts you if your password has been stolen

    Here's How To Find Out If Your Password Has Been Stolen By Hackers
    By Robin Andrews, IFLScience.com
    May 27, 2018

    You, dear reader, are likely to be someone who uses the same password for several logins, across websites or computers. There's a fairly decent chance that at some point, one or several of your passwords have been stolen and posted on forums for other hackers to try out.

    Enter, Okta, whose plug-in for Chrome (a version for Firefox is coming soon) lets you know how safe, or unsafe, your passwords really are.

    Okta is described by CNET as a login management company, which doesn't sound particularly thrilling. Popping over to their website, it appears that this is indeed what they do, but to put it in a mildly more exciting way: They are the guardians of the virtual gateways, those that stop nefarious hackers getting to you as you log in to whatever digital platform you or your company are using.

    They've recently gone one step further and released a browser plug-in named PassProtect. When you use a password to sign in to Twitter or anything of the sort, it'll inform you just how many times the password in question has been exposed in a data breach. In fact, in the process of writing this article, yours truly found out that two of his passwords for various things had indeed been thieved, which triggered a brief panic.

    PassProtect-detail.png

    Such services already exist such as the Have I Been Pwned database, which continuously adds to its list of hacked passwords but it's nice to have this reassuring/anxiety-inducing feature available as a plug-in for your web browser. In fact, this plug-in securely checks your password, turned into several small strings of scrambled characters, and sends it to Have I Been Pwned to see how secure your asterisk-covered entry key actually is.

    "With a real-time, as-you-type notification, PassProtect quickly alerts users of possible 'riskier' passwords so they can take action immediately and without compromising privacy," Okta explains in a blog post. Convenience and peace of mind. How delightful!

    CNET also note that you may be (quite rightly) wondering if your passwords may be hacked, in a dramatic twist, via the PassProtect app. Apparently, as the password is only assessed on your computer and a copy isn't sent elsewhere, you're safe.

    "By using k-anonymity, PassProtect ensures that your passwords are never seen, stored, or sent over the network during this checking process," Okta add.

    At present, you can only get this on Chrome web browsers, but Firefox and a mobile equivalent will be available in the future.

    Thefts on logins aside, other ways to make your passwords more secure are, according to Norton, not to use real words, not to use personal information, and to regularly change them anyway, regardless of whether or not they've been hacked.

  2. #2
    Join Date
    Mar 2004
    Location
    Ottawa, Canada
    Posts
    35,676
    Mentioned
    21 Post(s)
    Tagged
    0 Thread(s)

    Re: Browser add-on alerts you if your password has been stolen

    As noted in the article above, PassProtect is currently available as an extension for Chrome only, although they say a version for Firefox is in the works.

    In the meantime, if you are a Firefox user, you can try a similar add-on called Prevent Pwned Passwords.

    Prevent Pwned Passwords helps make sure you don't use any password that's known to have been part of a data breach. If you try to use a password that's known to have been compromised, you'll get an alert.

    You can choose to run it whenever you enter a password on any site, whenever you enter a password on a "Create Account" page, or only when you choose to check a password from a context menu. You can also whitelist sites, giving you greater control over what passwords are checked.

    This extension hashes your password and securely checks that hash against a database of hashes known to be breached. If it's been involved in a past breach (of any account across hundreds of sites), it notifies you so you can change your password.

    Note that the only data ever transmitted is a password hash. We never send a clear-text password or any identifiable information like a username or a URL.

    This extension uses the Have I Been Pwned service.

    I'm going to give this one a test run myself.

Bookmarks

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Disclaimer: PsychLinks is not responsible for the content of posts or comments by forum members.

Additional Forum Web Design by PsychLinks
© All rights reserved.