https://bugs.kde.org/show_bug.cgi?id=403300
Bug ID: 403300 Summary: Implement Pwned Passwords password checker into KWallet / KSecretService Product: ksecretsservice Version: unspecified Platform: Other OS: Linux Status: REPORTED Severity: wishlist Priority: NOR Component: Client library Assignee: va...@kde.org Reporter: mat...@suklje.name Target Milestone: --- KWallet / KSecretService is a great password manager, but once a password is breached, it’s not easy to find it. Have I Been Pwned is a website (and service) that tracks if your e-mail address has shown up in any breaches. Recently they introduced a new service, where you can check how often a password has shown up before – in order to assess how safe it (still) is: https://haveibeenpwned.com/Passwords It is also possible to use their API to check several passwords in one go – if this could be added into KDE, it would be awesome: https://haveibeenpwned.com/API/v2#PwnedPasswords Alternatively, KDE could also download the torrents with hashes from the website (the files are 10+ GB though!) and do the scan either locally or on some other dedicated server. An extra cool feature would be if KDE were doing regular checks if the passwords are still unique or not. -- You are receiving this mail because: You are watching all bug changes.