Enjoy some festive confetti as long as your passwords stay secure.
Cybersecurity Expert Transforms "Have I Been Pwned" Platform
Berlin - Australian cybersecurity expert Troy Hunt has revamped the functionality of haveibeenpwned.com, a popular query page for compromised login and identity data. The update includes new features and improvements to bolster user data security.
Upon negative results—meaning no breached passwords or data were found—confetti cannons shower the screen, and the good result is highlighted with a green frame. In contrast, breached data is highlighted with a red frame, accompanied by a detailed timeline displaying the year and month of each individual leak event. This feature is particularly useful for email addresses with multiple hits.
The query now only involves email addresses, with usernames and phone numbers no longer being considered. For further information on a specific leak event, users can click on the "View Details" button, which opens a window disclosing detailed information about the incident, its scope, danger classification, and the compromised data categories.
Regularly checking one's email addresses on "Have I Been Pwned" is recommended, as the database continually expands with newly found leak data. Another free checker that is suggested is the Identity Leak Checker from the Hasso Plattner Institute (HPI).
If a query on either platform generates hits, the compromised password on the corresponding service should be replaced with a secure, unique password as soon as possible. Password managers are recommended for managing numerous, complex passwords. Two-factor authentication should also be enabled whenever available, while passkeys are being introduced as a passwordless login solution.
Passkeys use a cryptographic key pair for passwordless authentication. When a user logs in, the cryptographic key stored with the user is requested, and the user approves its use via fingerprint or similar means. Passkeys can be stored on a USB security key (FIDO2), in compatible operating systems, or in password managers.
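The key-pair login described above can be modelled in a few lines. This is an added example, not code from Have I Been Pwned or from the original article, and it is a simplified model rather than the real WebAuthn message format; the function names and the `example.test` origins are assumptions made for illustration.

```javascript
// Simplified model of a passkey login (added example, not the WebAuthn wire format).
const nodeCrypto = require('node:crypto');

// Registration: the key pair is created on the user's device. Only the public
// key goes to the service, so a breach of the service leaks no login secret.
function registerPasskey() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return { device: { privateKey }, server: { publicKey } };
}

// Service side: a fresh random challenge for every login attempt.
function newChallenge() {
  return nodeCrypto.randomBytes(32).toString('hex');
}

// Device side: once the user approves (fingerprint or similar), sign the
// challenge together with the origin the browser is actually connected to.
function signAssertion(device, challenge, origin, userApproved) {
  if (!userApproved) throw new Error('user approval required');
  const clientData = JSON.stringify({ challenge, origin });
  const signature = nodeCrypto.sign('sha256', Buffer.from(clientData), device.privateKey);
  return { clientData, signature };
}

// Service side: accept only a valid signature over the expected challenge and origin.
function verifyAssertion(server, expectedChallenge, expectedOrigin, assertion) {
  let data;
  try { data = JSON.parse(assertion.clientData); } catch (e) { return false; }
  if (data.challenge !== expectedChallenge) return false; // replayed or stale response
  if (data.origin !== expectedOrigin) return false;       // signed for a look-alike site
  return nodeCrypto.verify('sha256', Buffer.from(assertion.clientData),
    server.publicKey, assertion.signature);
}

// Constructed walk-through: one genuine login and two responses the service must reject.
function demo() {
  const { device, server } = registerPasskey();
  const origin = 'https://login.example.test'; // placeholder origin
  const challenge = newChallenge();
  const good = signAssertion(device, challenge, origin, true);
  const lookAlike = signAssertion(device, challenge, 'https://login.examp1e.test', true);
  return {
    genuine: verifyAssertion(server, challenge, origin, good),
    replayed: verifyAssertion(server, newChallenge(), origin, good),
    wrongOrigin: verifyAssertion(server, challenge, origin, lookAlike),
  };
}
```

Because the service holds only the public key and every response is bound to a one-time challenge and an origin, a leaked user database or a captured login response gives nothing that can be reused, unlike a breached password.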
The revamped "Have I Been Pwned" platform now offers a unified dashboard, including features like checking sensitive breaches, managing API keys, and viewing stealer logs, all requiring email verification [5]. Additional features include client-side search for faster performance, an anti-bot solution that replaces Google's reCAPTCHA with Cloudflare's Turnstile [3], and the removal of search options for usernames and phone numbers. These updates aim to offer a smoother user experience and more comprehensive information about data breaches.
Other technology, such as passkeys, is being introduced on the revamped "Have I Been Pwned" platform as a passwordless login solution, offering a more secure alternative to traditional passwords. To bolster user data security, the technology used by Troy Hunt in the revamped platform includes features like client-side search for faster performance, an anti-bot solution, and the removal of search options for usernames and phone numbers.