Conversation

Notices

1. vinzv (vinzv@gnusocial.de)'s status on Wednesday, 22-Nov-2017 18:05:33 EST vinzv
   #Firefox is looking into integrating haveibeenpwned.com into the browser, alerting users if their credentials may have been involved in a data breach. https://gnusocial.de/url/4561880
   1. lnxw48a1 (lnxw48a1@nu.federati.net)'s status on Wednesday, 22-Nov-2017 18:32:02 EST lnxw48a1

      in reply to
      @vinzv Better if they give the built in password store the ability to easily generate long and random passwords that meet sites' complexity requirements. Most people reuse passwords, but making it easier to generate and store a new PW than to type in the same old PW would help immensely.
      1. vinzv (vinzv@gnusocial.de)'s status on Wednesday, 22-Nov-2017 18:46:20 EST vinzv

         in reply to
         @lnxw48a1 Yeah, as that's only available via add-ons implementation into the core would be good.
         Nevertheless the haveibeenpwned check is a goos thing, I think.
   2. Annah (maiyannah@community.highlandarrow.com)'s status on Wednesday, 22-Nov-2017 18:48:49 EST Annah

      in reply to
      @vinzv That ironically seems like a huge privacy issue.
      1. sulman (sulman@smiley.thespinning.top)'s status on Wednesday, 22-Nov-2017 18:51:22 EST sulman

         in reply to
         @maiyannah @vinzv If it's opt-in I could see it being helpful to the lay user.
   3. Bob Jonkman (bobjonkman@gs.jonkman.ca)'s status on Thursday, 23-Nov-2017 14:38:05 EST Bob Jonkman

      in reply to
      I've never used sites like that. When a security vulnerability is announced lots of people flock to those sites to check if they've been pwnd. That space is ripe for trojan sites harvesting credentials rather than checking them. Having Firefox normalize that behaviour will be counterproductive in the long run. !privacy