Have You Been Pwned? - Computerphile

TL;DR
Check whether your passwords have been leaked using the Have I Been Pwned website or API to reduce your exposure to dictionary attacks.
Transcript
I guess what we were asking today is: have your passwords been pwned? One of the websites I used to keep secure online is Have I Been Pwned. Right now, I love this website. It's great. Run by a guy called Troy Hunt, and whenever it is a big leak, let's say a company gets hacked and always using these passwords get leave out in internet. Obviously peop...
Key Insights
- 👤 Have I Been Pwned website helps users check if their email addresses have been leaked in data breaches, while the Password API enables users to check if their passwords have been compromised.
- 🔑 It is crucial to be cautious about where you enter your password and avoid entering it into any website that claims to check if it has been hacked.
- 🤢 The Password API uses k-anonymity to protect users' privacy: only a partial hash of the password is sent to the API, reducing the risk of the password being linked to the user's IP address.
- 😒 It is advisable to use strong, unique passwords and regularly check if they have been leaked to maintain online security.
- 🔑 Password managers like 1Password automatically check passwords against the database to ensure they have not been leaked.
- ⌛ Passwords that appear in the database, especially if they have been leaked multiple times, are considered weak and should be changed immediately.
- 🔑 Making minor modifications to passwords can make them less susceptible to appearing in the leaked passwords database.
Questions & Answers
Q: How does the "Have I Been Pwned" website work?
The website collects leaked email addresses and checks if your email address has appeared in any leaks, alerting you to potential security vulnerabilities.
Q: Is it safe to enter your password into a website that claims to check if it has been hacked?
Generally, it is not recommended to enter your password into any website, even if it is claimed to be secure. It's important to be cautious about where you enter your password for security reasons.
Q: What is k-anonymity and how does it protect privacy when using the Password API?
K-anonymity is a mechanism that allows users to send a partial hash of their password to the API, which only returns a list of possible matches. This way, the website does not know if the user's password is in the database, protecting their privacy.
Q: Are passwords that have been leaked in plaintext included in the Password API?
Yes, the database contains passwords that have been leaked and are now in plaintext form or were already in plaintext. These passwords have been previously cracked or leaked.
Summary & Key Takeaways
- "Have I Been Pwned" is a website run by Troy Hunt that collects leaked email addresses and lets users know if their email address is associated with a leak.
- The Password API allows users to check if their passwords have been leaked by querying the API, which returns information on whether the password has appeared in any leaks.
- It uses k-anonymity to protect users' privacy: only a partial hash of the password is provided to the API, which prevents the website from knowing if the user has a specific password and reduces the risk of the password being linked to the user's IP address.
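
The k-anonymity lookup described above, as an added example that is not from the video or from the Have I Been Pwned project: the client hashes the password locally, sends only a hash prefix, and matches the returned suffixes itself. It assumes the SHA-1, five-hex-character prefix scheme used by the public Pwned Passwords range API; `RangeService`, the sample passwords, the counts and the decoy entry are constructed stand-ins so the code runs offline.

```python
import hashlib

PREFIX_LEN = 5  # hex characters of the SHA-1 digest that leave the client


def sha1_hex(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


class RangeService:
    """Local stand-in for the breach-password service (constructed data only)."""

    def __init__(self, leaked_counts):
        self.buckets = {}   # prefix -> {suffix: times seen in leaks}
        self.seen = []      # everything the service ever learns from clients
        for password, count in leaked_counts.items():
            digest = sha1_hex(password)
            bucket = self.buckets.setdefault(digest[:PREFIX_LEN], {})
            bucket[digest[PREFIX_LEN:]] = count

    def query(self, prefix):
        if len(prefix) != PREFIX_LEN or set(prefix) - set("0123456789ABCDEF"):
            raise ValueError("expected 5 uppercase hex characters")
        self.seen.append(prefix)
        bucket = self.buckets.get(prefix, {})
        return "\n".join(f"{s}:{c}" for s, c in sorted(bucket.items()))


def pwned_count(password, query):
    """Hash locally, send only the prefix, compare suffixes locally."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:PREFIX_LEN], digest[PREFIX_LEN:]
    for line in query(prefix).splitlines():
        candidate, _, count = line.partition(":")
        if candidate.strip().upper() == suffix:
            return int(count)
    return 0  # suffix not in the returned bucket: not known to be leaked


# Constructed sample corpus: password -> number of times it appeared in leaks.
SERVICE = RangeService({"password": 3, "letmein": 2, "qwerty123": 1})
# Constructed decoy sharing a bucket with "password", so the reply is ambiguous
# and the service cannot tell which suffix (if any) the client cared about.
SERVICE.buckets[sha1_hex("password")[:PREFIX_LEN]]["0" * 35] = 7

if __name__ == "__main__":
    for pw in ("password", "correct horse battery staple"):
        print(pw, "->", pwned_count(pw, SERVICE.query))
    print("service saw only:", SERVICE.seen)
```
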