bitwarden / web

The website vault (vault.bitwarden.com).
https://vault.bitwarden.com

Compromised Account Notifications #53

Closed ple103 closed 7 years ago

ple103 commented 7 years ago

It would be nice to see a notification prompting me to change my password for a website if the website was reported in a recent data breach. This could possibly be achieved by using the "Have I been pwned?" API. https://haveibeenpwned.com/API/v2

kspearrin commented 7 years ago

Would it be ok just to expose an interface to help a user sign up for the HIBP service? I don't really see the benefit of re-creating their already existing service.

ple103 commented 7 years ago

I still think that it would be a cool feature, but you're right; it'd be re-inventing the wheel when they could just subscribe to the HIBP mailing list.

sreich commented 7 years ago

i'd be fine with just an interface. there's something to be said for improved discovery of such a service, most people who even use password managers probably never heard of that and it could go a long way to giving people better security practices.

the integration also means it can be considered a feature of bitwarden - "informs you when sites are compromised", which wouldn't be a bad thing :smile:

but of course it'd be even better to have it say, scan all logins of your user. perhaps as a 'perform a healthcheck' feature.

the issue with the haveibeenpwned is you have to (afaik) manually cross-reference your logins with the breached data set, sorted by date. but of course i understand the complexity in the undertaking of this kind of thing, esp this early on
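The "health check" cross-reference described in the comment above, as an added example that is not part of the thread or of Bitwarden's code. The breach records are constructed and use the `Name`, `Domain` and `BreachDate` field names of the HIBP breach model; the login fields `uri` and `password_changed` are hypothetical.

```python
from datetime import date
from urllib.parse import urlsplit

# Constructed breach records; field names follow the HIBP breach model.
BREACHES = [
    {"Name": "ExampleForum", "Domain": "example.com", "BreachDate": "2016-05-01"},
    {"Name": "ShopCo", "Domain": "shop.test", "BreachDate": "2017-03-15"},
]

# Constructed vault logins; "uri" and "password_changed" are hypothetical fields.
LOGINS = [
    {"name": "Forum", "uri": "https://accounts.example.com/login", "password_changed": "2015-11-20"},
    {"name": "Shop", "uri": "https://shop.test/", "password_changed": "2017-06-01"},
    {"name": "Lookalike", "uri": "https://notexample.com/", "password_changed": "2014-01-01"},
    {"name": "Old shop", "uri": "shop.test", "password_changed": None},
]

def host_of(uri):
    """Return the lower-cased host of a login URI, tolerating a missing scheme."""
    if "://" not in uri:
        uri = "//" + uri
    return (urlsplit(uri).hostname or "").lower()

def domain_matches(host, breach_domain):
    """True when host is the breached domain or a subdomain of it."""
    breach_domain = breach_domain.lower()
    return bool(breach_domain) and (host == breach_domain or host.endswith("." + breach_domain))

def health_check(logins, breaches):
    """Return (login name, breach name, breach date) tuples, newest breach first."""
    findings = []
    for login in logins:
        host = host_of(login["uri"])
        changed = login.get("password_changed")
        for breach in breaches:
            if not domain_matches(host, breach["Domain"]):
                continue
            breach_date = date.fromisoformat(breach["BreachDate"])
            # An unknown change date is treated as "not rotated since the breach".
            if changed is None or date.fromisoformat(changed) <= breach_date:
                findings.append((login["name"], breach["Name"], breach_date))
    return sorted(findings, key=lambda f: f[2], reverse=True)

if __name__ == "__main__":
    for name, breach, when in health_check(LOGINS, BREACHES):
        print(f"{name}: change password (in {breach} breach, {when})")
```

Matching on a label boundary keeps `notexample.com` from being reported for a breach of `example.com`, and a password changed after the breach date is not flagged.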

kspearrin commented 7 years ago

https://blog.bitwarden.com/have-you-been-pwned-7051d64e685b