https://bugs.kde.org/show_bug.cgi?id=403300

            Bug ID: 403300
           Summary: Implement Pwned Passwords password checker into
                    KWallet / KSecretService
           Product: ksecretsservice
           Version: unspecified
          Platform: Other
                OS: Linux
            Status: REPORTED
          Severity: wishlist
          Priority: NOR
         Component: Client library
          Assignee: va...@kde.org
          Reporter: mat...@suklje.name
  Target Milestone: ---

KWallet / KSecretService is a great password manager, but once a password is
breached, it’s not easy to find it.

Have I Been Pwned is a website (and service) that tracks if your e-mail address
has shown up in any breaches. Recently they introduced a new service, where you
can check how often a password has shown up before – in order to assess how
safe it (still) is:

https://haveibeenpwned.com/Passwords

It is also possible to use their API to check several passwords in one go – if
this could be added into KDE, it would be awesome:

https://haveibeenpwned.com/API/v2#PwnedPasswords

Alternatively, KDE could also download the torrents with hashes from the
website (the files are 10+ GB though!) and do the scan either locally or on
some other dedicated server.

An extra cool feature would be if KDE were doing regular checks if the
passwords are still unique or not.

-- 
You are receiving this mail because:
You are watching all bug changes.

Reply via email to