"this is a common password."
@shlee by even knowing that, you know they cannot be storing your password securely

@mirabilos @shlee Incorrect, Telstra check known hashes in-browser using the public pwnedpasswords API.

https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity

Validating Leaked Passwords with k-Anonymity

Today, v2 of Pwned Passwords was released as part of the Have I Been Pwned service offered by Troy Hunt. Containing over half a billion real world leaked passwords, this database provides a vital tool for correcting the course of how the industry combats modern threats against password security.

The Cloudflare Blog
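The k-anonymity range check from the linked post, as an added example that is not part of the thread and is not Telstra's or Have I Been Pwned's code. It assumes Node's `crypto` module in place of the browser's hashing API, and `CORPUS`, `simulatedRangeEndpoint` and `checkPassword` are hypothetical names, with a constructed in-memory corpus standing in for the real range service so it runs offline.

```javascript
const { createHash } = require('node:crypto');

// Uppercase hex SHA-1, the form the range protocol compares.
const sha1Hex = (s) => createHash('sha1').update(s, 'utf8').digest('hex').toUpperCase();

// Constructed stand-in for the breach corpus; passwords and counts are sample values.
const CORPUS = new Map([['password', 3], ['hunter2', 2], ['letmein', 5]]);

// Server side (simulated): it only ever receives a 5-character hash prefix and
// returns every "SUFFIX:COUNT" line in that bucket, so it cannot tell which
// entry, if any, the client was asking about.
function simulatedRangeEndpoint(prefix) {
  if (!/^[0-9A-F]{5}$/.test(prefix)) throw new Error('prefix must be 5 hex characters');
  const lines = ['0'.repeat(35) + ':1']; // constructed decoy entry sharing the bucket
  for (const [pw, count] of CORPUS) {
    const h = sha1Hex(pw);
    if (h.startsWith(prefix)) lines.push(`${h.slice(5)}:${count}`);
  }
  return lines.join('\r\n');
}

// Client side: hash locally, send the prefix only, compare suffixes locally.
// The password and its full hash never leave this function.
function checkPassword(password, queryRange = simulatedRangeEndpoint) {
  const hash = sha1Hex(password);
  const prefix = hash.slice(0, 5);
  const suffix = hash.slice(5);
  for (const line of queryRange(prefix).split(/\r?\n/)) {
    const [candidate, count] = line.trim().split(':');
    if (candidate === suffix) return { prefixSent: prefix, breached: true, count: Number(count) };
  }
  return { prefixSent: prefix, breached: false, count: 0 };
}

console.log(checkPassword('password'));
```
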

@benjidubs @shlee interesting! That was a way that hadn’t occurred to me.

And (thanks for the link) the anonymisation of the query applied also makes the unsalted hash problem not really applicable.

It’s a GDPR violation, though…