Ask A Question

Notifications

You’re not receiving notifications from this thread.

Strong Passwords with HaveIBeenPwned Discussion

Discussion for Strong Passwords with HaveIBeenPwned
Shawn Wilson Shawn Wilson

The timing of this video is perfect! I was wanting to add something like this to my app.. but was stuck on what approach to take!

Again another usefull and well explained video! Keep it coming Chris!

Reply
Fred Tetard Fred Tetard

Like this video - I also found it as usefull and well explained ! congratulation Chris!

Reply
Colin Atkins Colin Atkins

Dear Chris,

Why would one send their users passwords over an relatively insecure HTTPS connection to a third party API? I like increased security but this makes no sense. We don't know who controls the API and if they log the sent passwords.

Am I missing something? Even if its hashed, it doesn't worth the risk.
If the password library was downloaded it would be good. Otherwise not.

Have you thought about that Chris?

Cheers

Reply
Howard OLeary Howard OLeary

The HaveIBeenPwned API is run by Troy Hunt, he's pretty famous in the InfoSec community. I don't think they log the passwords, but I don't know that definitively. That being said, a preamble that explains that would be helpful in this video.

Reply
Join the discussion
Create an account Log in

Want to stay up-to-date with Ruby on Rails?

Join 86,946+ developers who get early access to new tutorials, screencasts, articles, and more.

    We care about the protection of your data. Read our Privacy Policy.