Hacker News new | ask | show | jobs
by santiagobasulto 922 days ago
Ah! Thanks a lot, it now makes sense. So at some point HIBP has the unhashed passwords, they obviously don’t make those public, good trick. How do you handle this from a UX perspective? Just tell the user that password is “not strong enough”?
1 comments
aareet 922 days ago
Password managers that have HIBP integration are open about it - one says "this password appears in a list of compromised passwords"
link