Have I Been Pwned, a password leak check app, has evolved to version 2.0

Troy Hunt: Have I Been Pwned 2.0 is Now Live!
https://www.troyhunt.com/have-i-been-pwned-2-0-is-now-live/

Have I Been Pwned has been completely rebuilt, with changes to nearly every webpage and many new features. You can access the new Have I Been Pwned here:
Have I Been Pwned: Check if your email address has been exposed in a data breach
https://haveibeenpwned.com/

The new Have I Been Pwned site features a big search box on the front page, where you can enter your email address and confetti will fly if there is no data breach.

Regarding the confetti that will fly if there is no data leak, Troy Hunt, developer of Have I Been Pwned, said, 'Have I Been Pwned is a website that is a little bit playful. It's not a scary place that will incite fear about the 'dark web'. Rather, we aim to provide actionable information that is more accessible to the public and is fact-based and unhyped. The confetti should brighten the atmosphere a little.'
On the other hand, if there is a data leak, the words 'Data Breach' and the number of breaches are displayed in red text. Below that is a timeline of when and where the data was leaked. In the following case, the cause was

In addition, search support for usernames and phone numbers has been removed from the website. The username search feature was implemented in 2014, and the phone number search feature was implemented in 2021. Regarding the reason for removing these features, Hunt explained, 'Compared to email addresses, usernames and phone numbers are very difficult to parse from data breaches.' 'Also, since no one 'owns' usernames, notifications cannot be sent, and sending SMS to phone numbers is very costly compared to sending emails.' 'Also, even if the question of 'maybe data was leaked?' arises, usernames and phone numbers are usually not leaked very often.'
In addition, the following page summarizes what type of data was leaked for each incident. With the evolution to version 2.0, Have I Been Pwned is now displayed in a more user-friendly format. Regarding what's unique about the new Have I Been Pwned, Hunt explained that 'it provides more targeted advice on what to do after a data breach.'
In addition, the app also displays actions that users should take in response to the data leak. Recommended actions include 'changing your password,' 'implementing two-factor authentication,' 'checking whether other accounts have been leaked,' 'monitoring suspicious behavior,' and 'implementing 1Password (a password manager)' (advertisement).

Have I Been Pwned has various features such as a 'Domain Search Dashboard,' 'Paid Subscription Management Screen,' and 'Email Address Theft Log.' These have been integrated into a central dashboard. The features are listed in the menu on the left side of the screen, and each one is self-explanatory. The features are grouped under the sign-in button, making it clear that you need to log in to your account before using them. In addition, it seems that they plan to support passkeys in the future.

There is also a domain search feature that allows you to check if any of your domains have been affected by a data breach.

The domain search feature now provides a clearer summary of search results, and goes beyond just email addresses to also include a highly requested new dropdown with the latest breach information.

All these searches simply return JSON from the API, so the entire dashboard works as a single page app. This makes everything extremely fast. Filtering is also done exclusively client-side on the full JSON of the domain search. This approach has been tested on over 250,000 compromised email address domains and has worked flawlessly.
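The client-side filtering described above can be sketched as follows. This is an added example, not code from Have I Been Pwned or from Troy Hunt's post: the alias-to-breach-names shape of `domainResults`, the `breaches` metadata, and the function names are assumptions, and all sample values are constructed.

```javascript
// Constructed sample: alias -> breach names for one domain (assumed shape).
const domainResults = {
  alice: ["ExampleForum", "ExampleShop"],
  bob: ["ExampleShop"],
  carol: ["ExampleForum", "ExampleCloud"],
  "dave.ops": ["ExampleCloud"],
};
// Constructed breach metadata keyed by breach name.
const breaches = {
  ExampleForum: { date: "2019-03-02", dataClasses: ["Email addresses", "Passwords"] },
  ExampleShop: { date: "2023-11-15", dataClasses: ["Email addresses", "Physical addresses"] },
  ExampleCloud: { date: "2025-01-20", dataClasses: ["Email addresses", "Passwords", "Auth tokens"] },
};

// Filter rows entirely in memory; no further API round trip is needed.
function filterDomain(results, meta, { breach, aliasContains, dataClass } = {}) {
  const rows = [];
  for (const [alias, names] of Object.entries(results)) {
    if (aliasContains && !alias.toLowerCase().includes(aliasContains.toLowerCase())) continue;
    let hits = names.filter((n) => meta[n]); // ignore names without metadata
    if (breach) hits = hits.filter((n) => n === breach);
    if (dataClass) hits = hits.filter((n) => meta[n].dataClasses.includes(dataClass));
    if (hits.length === 0) continue;
    // ISO dates sort lexicographically, so string comparison finds the newest.
    const latest = hits.reduce((a, b) => (meta[a].date >= meta[b].date ? a : b));
    rows.push({ alias, breaches: hits, latest, latestDate: meta[latest].date });
  }
  // Most recently exposed accounts first: the ones to triage first.
  return rows.sort(
    (a, b) => b.latestDate.localeCompare(a.latestDate) || a.alias.localeCompare(b.alias)
  );
}

// Options for a "latest breach" dropdown: breaches present in the results, newest first.
function latestBreachOptions(results, meta) {
  const seen = new Set(Object.values(results).flat().filter((n) => meta[n]));
  return [...seen].sort((a, b) => meta[b].date.localeCompare(meta[a].date));
}

// Accounts on the domain whose passwords were exposed, newest exposure first.
console.log(filterDomain(domainResults, breaches, { dataClass: "Passwords" }));
console.log(latestBreachOptions(domainResults, breaches));
```

Filtering on the `Passwords` data class gives a domain owner the list of accounts that need a forced password reset, ordered by how recent the exposure is.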
In addition, Have I Been Pwned has an official merchandise store. Everything sold in the merchandise store is sold at cost, and there is no profit to be made. Hunt explains that it is 'just implemented as a fun initiative for the community.'
Pwned Store
https://merch.haveibeenpwned.com/

in Web Service, Security, Posted by logu_ii