https://bugs.kde.org/show_bug.cgi?id=403300
Bug ID: 403300
Summary: Implement Pwned Passwords password checker into
KWallet / KSecretService
Product: ksecretsservice
Version: unspecified
Platform: Other
OS: Linux
Status: REPORTED
Severity: wishlist
Priority: NOR
Component: Client library
Assignee: va...@kde.org
Reporter: mat...@suklje.name
Target Milestone: ---
KWallet / KSecretService is a great password manager, but once a password is
breached, it’s not easy to find it.
Have I Been Pwned is a website (and service) that tracks if your e-mail address
has shown up in any breaches. Recently they introduced a new service, where you
can check how often a password has shown up before – in order to assess how
safe it (still) is:
https://haveibeenpwned.com/Passwords
It is also possible to use their API to check several passwords in one go – if
this could be added into KDE, it would be awesome:
https://haveibeenpwned.com/API/v2#PwnedPasswords
Alternatively, KDE could also download the torrents with hashes from the
website (the files are 10+ GB though!) and do the scan either locally or on
some other dedicated server.
An extra cool feature would be if KDE were doing regular checks if the
passwords are still unique or not.
--
You are receiving this mail because:
You are watching all bug changes.
