DEV Community

Discussion on: Stuffing of Credentials?

Brandin Chiu

As developers, one of the best things we can do to fight credential stuffing is to integrate our authentication backend with databases of compromised passwords and issue warnings to our users:

"This password was recently exposed in a data breach, maybe you should try a different one".

For any service we build that handles money, this can also be used as a tool for reducing our potential liability for fraud! :)

DaNeil C

I love this idea of letting people know that their password has been seen somewhere, but I have yet to see this used in the wild.

I like to check my own passwords on haveibeenpwned.com/ occasionally.

Brandin Chiu • Edited

I saw it somewhere, I just can't remember where. I'll see if I can find it.

It just makes use of the haveibeenpwned API: haveibeenpwned.com/API/Consumers
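
The check discussed in this thread, as an added example that is not part of any comment above: a sign-up or password-change hook that queries the Pwned Passwords range endpoint so that only the first five characters of the password's SHA-1 hash leave the server. The function names, the fail-open policy and the offline `constructed_fetch` stand-in are assumptions made for illustration.

```python
import hashlib
import urllib.request

RANGE_URL = "https://api.pwnedpasswords.com/range/"  # k-anonymity range endpoint
WARNING = ("This password was recently exposed in a data breach, "
           "maybe you should try a different one")

def fetch_range(prefix):
    """Ask the API for every hash suffix that shares this 5-character prefix."""
    req = urllib.request.Request(
        RANGE_URL + prefix,
        headers={"User-Agent": "signup-check-example", "Add-Padding": "true"},
    )
    with urllib.request.urlopen(req, timeout=5) as resp:
        return resp.read().decode("utf-8")

def breach_count(password, fetch=fetch_range):
    """Return how often the password appears in the breach corpus (0 if never)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    prefix, suffix = digest[:5], digest[5:]  # only the prefix is ever sent
    for line in fetch(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)  # padded filler entries carry a count of 0
    return 0

def password_warning(password, fetch=fetch_range):
    """Text to show the user, or None when there is nothing to warn about."""
    try:
        seen = breach_count(password, fetch)
    except OSError:
        # Assumed policy: fail open so a lookup outage does not block sign-up.
        return None
    return WARNING if seen else None

def constructed_fetch(prefix):
    """Offline stand-in for the API. Constructed response, not real breach data."""
    known = hashlib.sha1(b"hunter2").hexdigest().upper()
    lines = ["0" * 35 + ":0"]  # shaped like a padding entry
    if known.startswith(prefix):
        lines.append(known[5:] + ":17")  # constructed count
    return "\r\n".join(lines)

if __name__ == "__main__":
    for pw in ("hunter2", "correct horse battery staple"):
        print(repr(pw), "->", password_warning(pw, constructed_fetch))
```

Run the check on the plaintext at registration or password change, before the password is hashed for storage, and never log the password or its full SHA-1.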