by laken 2188 days ago
You're getting two different tools mixed up -- "Have I Been Pwned?" and "Pwned Passwords."

Have I Been Pwned is the tool where you search your email, and it displays breaches.

Pwned Passwords is an API (there is a front-end but that's not the use case) where you send a partial hash of a password to the API, and it returns a list of partial hashes that match, and the implementation from there sees if any of them match the full hash. It's used by quite a few online services to ensure users don't use weak passwords, as if it's shown up in multiple data breaches, they might not let you set it as your password.
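As an added example (not from the comment and not Have I Been Pwned's own code), here is the client side of the lookup described above in Python: the caller hashes the password, sends only the first five hex characters of the SHA-1, and matches the returned suffixes locally. The HTTP call is replaced by a constructed sample response so it runs offline; the `SUFFIX:COUNT` line format is the one the range API returns, but the counts below are made up.

```python
import hashlib
from typing import Callable, Dict

# Constructed sample of what a range lookup returns for prefix "5BAA6".
# Each line is "<35-hex-char suffix>:<number of breach occurrences>".
# The first suffix is the real SHA-1 tail of "password"; the counts are
# invented for this example and are not the live service's numbers.
SAMPLE_RANGE_RESPONSE = {
    "5BAA6": "\r\n".join([
        "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3730471",
        "003D68EB55068C33ACE09247EE4C639306B:3",
        "012C192B2F16F82EA0EB9EF18D9D539B0DD:1",
    ])
}


def offline_range_lookup(prefix: str) -> str:
    """Stand-in for the HTTP GET on the range endpoint; returns the sample body."""
    return SAMPLE_RANGE_RESPONSE.get(prefix.upper(), "")


def parse_range_response(body: str) -> Dict[str, int]:
    """Turn 'SUFFIX:COUNT' lines into a dict, skipping blank or malformed lines."""
    counts: Dict[str, int] = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, sep, count = line.partition(":")
        if sep and count.isdigit():
            counts[suffix.upper()] = int(count)
    return counts


def pwned_count(password: str,
                lookup: Callable[[str], str] = offline_range_lookup) -> int:
    """Return how often the password appears in the breach corpus (0 if never)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    prefix, suffix = digest[:5], digest[5:]
    # Only the 5-character prefix leaves this function (k-anonymity);
    # the full hash is compared locally against the returned suffixes.
    return parse_range_response(lookup(prefix)).get(suffix, 0)
```

A real client would swap `offline_range_lookup` for an HTTPS GET of the range endpoint with the same prefix; the matching logic stays unchanged.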


Good article explaining how they use k-anonymity here:

https://blog.cloudflare.com/validating-leaked-passwords-with...

Thanks! Now I get it.