by diminoten 2527 days ago
1Password tells you which of your passwords have been part of a breach. Many other companies will suspend the accounts of anyone whose login information leaked as part of another site's breach.

Other websites won't allow you to use a password that's listed as a common password from the aggregated passwords in breaches.

Lots of studies have been done on password frequency, such as the top 100 most common passwords and what security people can do about their repeated use.

Based on your question however, I'm concerned you don't actually get my point. You're being forced into action, exactly how companies are forced into action, by the availability of this information. You have to change your password if it's easily available to anyone who uses this API and who has your email address, you no longer get to pretend it's not a big deal.


> 1Password tells you...

This is software acting as an agent of the affected user. 1Password could be authorized by the email holder to gain access to the API without making the information public.

> Other websites won't allow you to use...

This and the following example in your comment are discussing the breached password API, which is a completely different API that I specifically mentioned up-front as not compromising any PII.

I take zero issue with providing an API to see counts of how many times a password has shown up on breach lists, although I wouldn't use the API myself on any of my own passwords, because it leaks a 1-in-1-million discriminator to the actual password you are querying.

> You don't get to take issue with any of this. Your information was already stolen! You have no say, the end.

So your fallback position is that it is perfectly legitimate to traffic in stolen PII. Got it.
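As an added illustration of the "1-in-1-million discriminator" point above (this is example code, not from the thread or from the breach-lookup service): the breached-password check sends only the first five hex characters of the password's SHA-1 hash, and the caller compares the returned hash suffixes locally. A five-character hex prefix identifies one of 16^5 = 1,048,576 buckets, which is exactly the amount of information about the password that leaves the client. The `SUFFIX:COUNT` response format and the sample data are assumptions constructed for this example.

```python
import hashlib
from typing import Callable, Dict, Tuple

# Constructed sample of a range response for prefix 5BAA6, in the assumed
# "SUFFIX:COUNT" line format. Counts are made up; the first suffix is the
# remainder of sha1("password"), so that lookup will hit.
SAMPLE_RANGES: Dict[str, str] = {
    "5BAA6": (
        "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3730471\r\n"
        "003D68EB55068C33ACE09247EE4C639306B:2\r\n"
        "012C192B2F16F82EA0EB9EF18D9D539B0DD:1\r\n"
    ),
}

PREFIX_LEN = 5  # hex characters sent to the service


def sha1_split(password: str) -> Tuple[str, str]:
    """Return (prefix sent over the wire, suffix kept on the client)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:PREFIX_LEN], digest[PREFIX_LEN:]


def parse_range(body: str) -> Dict[str, int]:
    """Parse 'SUFFIX:COUNT' lines into a suffix -> count map."""
    counts: Dict[str, int] = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, count = line.split(":", 1)
        counts[suffix.upper()] = int(count)
    return counts


def breach_count(password: str, fetch_range: Callable[[str], str]) -> int:
    """Look up a password while disclosing only its hash prefix.

    fetch_range is whatever retrieves the bucket for a prefix; the
    suffix comparison happens here, on the client."""
    prefix, suffix = sha1_split(password)
    return parse_range(fetch_range(prefix)).get(suffix, 0)


def anonymity_set_size() -> int:
    """Number of distinct buckets a prefix can fall into (16^5)."""
    return 16 ** PREFIX_LEN


def offline_fetch(prefix: str) -> str:
    """Stand-in for the network call, serving the constructed sample."""
    return SAMPLE_RANGES.get(prefix, "")
```

Running `breach_count("password", offline_fetch)` returns the constructed count 3730471, while an unrelated password returns 0 without its full hash ever leaving the client.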

Well, I take issue with that.

Yes, in some cases it's perfectly legitimate to "traffic" (terrible word choice) in stolen PII, that is correct.

And my "fallback" position is that it's better this way than the other way, where it's actually being trafficked, rather than your hyperbolic assertion that it is now.