Current CTO exploring entrepreneurship on the side; coach; mentor; instructor.
Dedicated to promoting digital literacy and ideological diversity in tech.
As developers, one of the best things we can do to fight credential stuffing is to integrate our authentication backend against databases of compromised passwords and issue warnings to our users:
"This password was recently exposed in a data breach, maybe you should try a different one".
For any service we build that handles money, this can also be used as a tool for reducing our potential liability for fraud! :)
I write to better educate myself as I go through CTFs and Bug Bounties. If anything I have written is incorrect, please let me know and send me a link to an article to read to better educate myself.
Location
Seattle
Education
Information Technology BA and Software Engineering Bootcamp Grad
I love this idea of letting people know that their password has been seen somewhere but I have yet to see this used in the wild.
I like to check my own passwords on haveibeenpwned.com/ occasionally.
I saw it somewhere I just can't remember where. I'll see if I can find it.
It just makes use of the Have I Been Pwned API: haveibeenpwned.com/API/Consumers