Comments (11)
Could we potentially have a button inside each login details page, allowing to check that login (both email & password) against HIBP? This should be within their terms.
EDIT: I see that it's included in the Windows desktop program by clicking the checkmark next to the obfuscated password. This would be useful for the web vault as well, and also for the username (if username is an email).
from server.
Seconded for checking individual username/emails, as I often use the '+string' feature of gmail (and some others) to filter my email logins and protect against spam/breaches.
from server.
@Kesmy We commented back here: https://twitter.com/bitwarden_app/status/1085883055682666496
from server.
We could likely introduce some similar features using the HIBP API. https://haveibeenpwned.com/API/v2
from server.
Breach report added to web vault.
from server.
@kspearrin Unless I am misunderstanding the "Good News, Nothing Found!" message, the current implementation seems to only check the Bitwarden login email against HIBP. That's just saving you from going to the HIBP site. Why don't you sweep all the stored sites in the vault, find emails and then provide a checkbox-based interface where you ask which of those emails you would like to check and then check each one?
from server.
@gkrawiec That's correct. The report is really just there to make people aware of HIBP.
Automatically checking every unique email in your vault against the HIBP database would be a violation of their API terms since that would result in an excessive amount of API calls to their system.
from server.
Thanks for the info. Didn't know that.
from server.
Yea, their API only allows to check 1 email at a time, so we'd have to spam them.
from server.
@kspearrin OBO the people in this Twitter thread, including Troy Hunt himself, HIBP has no issue with this usage.
from server.
Excellent, I caught the wrong thread end in that conversation, so missed the official account's reply.
from server.