Checks whether your passwords have been exposed in previous data breaches.
When you enter a password on a website, this extension will check it against Troy Hunt's pwnedpasswords API (v2) and let you know if it has been exposed in previous breaches. If it has, you probably want to use a different password. If you're worried about your password getting sent across the internet, that's fantastic! Such a travesty should never be allowed! So instead of doing that, Password Checker actually hashes your password and sends the first 5 characters of that hash to the pwnedpasswords API. It then gets back a list of possible matches and compares your password to that list. Since no part of your password is ever sent over the internet, and the full hash isn't sent either, neither the API nor anyone intercepting traffic in between will know what you have actually typed into the box. Check out haveibeenpwned for more information.
- (2019-08-13) Chris binder: This works well. Great Add-On for your browser!
- (2019-06-27) Brian Semrau: I love that this can help average users build HIBP into their workflow. Thanks for your work on this!
- (2019-02-06) Lee Nomedal - LaFon: Now with hack databases showing up with millions of hacked passwords and usernames - it is great to see someone trying to make that data easily available. I have only just installed it, and tried it on a few websites. So far, it seems to work flawlessly. I am very appreciative to the author of this plugin, and hope that it is found useful by enough people so that he will continue to develop it. Would like to see some options to modify the way that it works, but very happy with it so far.
- (2019-02-10, v:1.0) Mike Beamer: GitHub?
How do I use Password Checker. When I clicon website it takes me to something called GitHub. Do I have to sign up for that to use Password Checker? If so, a noice saying that or how to set it up would be a good thing. Many thanks,
- (2018-03-09, v:1.0) Mulia Arifandi Nasution: Add feature to exclude URLs
Would be nice if there was way to exclude URLs.