by hanoz 2306 days ago
> It's worth noting that haveibeenpwned's API has a really clever design for allowing people to look up their passwords without transmitting them to the site.

If you use the API to look up one of your passwords and it turns out to be pretty poor, then the service knows you're highly likely to have been looking up the top (by count) result, so now has the password and your IP address. I appreciate this service provider is well respected, but still, this is also worth noting.
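To make the trade-off the comment describes concrete, here is a small offline model of a range-query password check. This is an added example, not code from the commenter or from haveibeenpwned; it assumes the service works the way the real Pwned Passwords range API does (the client hashes the password with SHA-1, sends only the first five hex characters, and receives every suffix in that bucket with its breach count). The corpus and the hand-built bucket are constructed sample data. `check_password` is the client side that never sends the password; `guess_from_bucket` is the inference the service could make from the prefix alone, which is only strong when one entry in the bucket dominates the counts.

```python
import hashlib

PREFIX_LEN = 5  # hex characters sent to the service

# Constructed toy breach corpus (not real breach data): password -> count.
TOY_CORPUS = {
    "password": 3_700_000,
    "letmein": 250_000,
    "correct horse battery staple": 12,
}


def sha1_hex(password: str) -> str:
    """Upper-case hex SHA-1, the hash form the range API is assumed to use."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_buckets(corpus):
    """Server side: group (suffix, count) pairs by the 5-char hash prefix."""
    buckets = {}
    for pw, count in corpus.items():
        h = sha1_hex(pw)
        buckets.setdefault(h[:PREFIX_LEN], []).append((h[PREFIX_LEN:], count))
    return buckets


def range_query(buckets, prefix):
    """Everything the service learns from a request is this prefix."""
    return buckets.get(prefix.upper(), [])


def check_password(buckets, password):
    """Client side: hash locally, send the prefix, match the suffix locally.

    Returns the breach count, or 0 if the password is not in the corpus."""
    h = sha1_hex(password)
    prefix, suffix = h[:PREFIX_LEN], h[PREFIX_LEN:]
    for s, count in range_query(buckets, prefix):
        if s == suffix:
            return count
    return 0


def guess_from_bucket(bucket):
    """The inference the comment warns about, computed from the bucket the
    service just returned: pick the most-breached suffix and report what share
    of all breach occurrences in the bucket it accounts for. A share near 1.0
    means the service can guess the looked-up password with high confidence
    even though it never saw the suffix."""
    if not bucket:
        return None, 0.0
    total = sum(count for _, count in bucket)
    top_suffix, top_count = max(bucket, key=lambda sc: sc[1])
    return top_suffix, top_count / total


if __name__ == "__main__":
    buckets = build_buckets(TOY_CORPUS)
    print("password breached", check_password(buckets, "password"), "times")
    # Constructed bucket shaped like a real one: one very common entry, a few rare ones.
    sample_bucket = [("A" * 35, 3_700_000), ("B" * 35, 40), ("C" * 35, 3)]
    suffix, share = guess_from_bucket(sample_bucket)
    print(f"service's best guess: suffix {suffix[:6]}..., confidence {share:.5f}")
```

The real buckets hold hundreds of suffixes, so the guess is weak for a rare password and strong for a very common one, which is exactly the case the comment singles out: the lookup leaks nothing about a good password, and little about a bad one that the service could not already have guessed, but it does tie a plausible weak password to the requesting IP address.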