mihaifm / HIBPOfflineCheck

Keepass plugin that performs offline and online checks against HaveIBeenPwned passwords

Remove HIBP strings #40

Closed Chaython closed 4 years ago

Chaython commented 4 years ago

Any way to remove all HIBP strings? I no longer wish to use it.

mihaifm commented 4 years ago

Tools->HIBP Offline Check->Clear Status

Are you using anything else as alternative? Just curious.

Chaython commented 4 years ago

There are other solutions (https://github.com/andrew-schofield/keepass2-haveibeenpwned). Yours is the only offline one I know of, though. I'm worried about a password manager having some network integration. However, HIBP is so massive that it's not worth keeping offline. Since I have KeePass and am now using a unique password for each site, it's no longer relevant to use HIBP. If a site has a breach I will see it and change that one.

I got nervous about passwords almost 2 years ago, when I had 3k euro stolen from my G2A account. Out of laziness I continued to use Google Chrome/Firefox Sync. But I am now using KeePass fully, so there should be no worries.

Thanks for developing and supporting this project. You're a great person for developing FOSS and helping protect people. I wish you great luck.

mihaifm commented 4 years ago

Cool, thanks for sharing. The size of the HIBP file is problematic indeed. The plugin offers the Bloom Filter functionality, where you can generate a smaller file (~1GB) and use that instead of the large HIBP file. You might want to give that a try.

IMO having unique passwords is not enough. If you have a weak password, it can still be broken using a dictionary attack. HIBP should give some protection against this scenario.

Anyway thanks for using the plugin.
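As an added illustration of the Bloom filter idea mihaifm mentions above (a compact probabilistic set built from the HIBP hash list, so the full file is not needed at query time), here is a small Python example that is not the plugin's own C# code. The sample rows, the sizing formulas and the double-hashing probe scheme are assumptions for the example; the plugin's real on-disk format is not described on this page.

```python
import hashlib
import math

# Constructed sample rows in HIBP's "UPPERCASE_SHA1:count" line format.
# Built here from a few plaintexts so it is obviously not the real dataset.
SAMPLE_HIBP_LINES = [
    f"{hashlib.sha1(p.encode()).hexdigest().upper()}:{count}"
    for p, count in [("password", 3861493), ("123456", 23174662), ("qwerty", 3912816)]
]


class BloomFilter:
    """Fixed-size bit array; each SHA-1 digest maps to k bit positions."""

    def __init__(self, expected_items: int, false_positive_rate: float):
        # Standard Bloom sizing: m bits and k probes for the target error rate.
        self.m = math.ceil(-expected_items * math.log(false_positive_rate) / math.log(2) ** 2)
        self.k = max(1, round(self.m / expected_items * math.log(2)))
        self.bits = bytearray((self.m + 7) // 8)

    def _positions(self, sha1_hex: str):
        # The digest is already uniformly distributed, so reuse its bytes instead
        # of hashing again: double hashing derives k positions from two 64-bit slices.
        digest = bytes.fromhex(sha1_hex)
        h1 = int.from_bytes(digest[:8], "big")
        h2 = int.from_bytes(digest[8:16], "big") | 1
        return [(h1 + i * h2) % self.m for i in range(self.k)]

    def add(self, sha1_hex: str) -> None:
        for pos in self._positions(sha1_hex):
            self.bits[pos >> 3] |= 1 << (pos & 7)

    def __contains__(self, sha1_hex: str) -> bool:
        return all(self.bits[p >> 3] & (1 << (p & 7)) for p in self._positions(sha1_hex))


def build_filter(hibp_lines, false_positive_rate=1e-6) -> BloomFilter:
    """Insert every hash from "SHA1:count" lines; the breach count is dropped."""
    bf = BloomFilter(len(hibp_lines), false_positive_rate)
    for line in hibp_lines:
        bf.add(line.split(":", 1)[0].strip())
    return bf


def check_password(bf: BloomFilter, password: str) -> str:
    """A 'clean' answer is definitive; 'maybe-pwned' can be a false positive
    and should be confirmed against the full file before alarming the user."""
    sha1_hex = hashlib.sha1(password.encode()).hexdigest().upper()
    return "maybe-pwned" if sha1_hex in bf else "clean"
```

The filter never reports a breached hash as clean, so the only cost of the smaller file is the occasional false "maybe-pwned" that a follow-up lookup in the full list resolves.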