Bug 403300 - Implement Pwned Passwords password checker into KWallet / KSecretService
Status: REPORTED
Alias: None
Product: ksecretsservice
Classification: Frameworks and Libraries
Component: Client library
Version: unspecified
Platform: Other Linux
Importance: NOR wishlist
Target Milestone: ---
Assignee: Valentin Rusu
Reported: 2019-01-17 10:11 UTC by Matija Šuklje
Modified: 2022-08-27 11:27 UTC

Description Matija Šuklje 2019-01-17 10:11:23 UTC
KWallet / KSecretService is a great password manager, but once a password is breached, it’s not easy to find it.

Have I Been Pwned is a website (and service) that tracks if your e-mail address has shown up in any breaches. Recently they introduced a new service, where you can check how often a password has shown up before – in order to assess how safe it (still) is:

https://haveibeenpwned.com/Passwords

It is also possible to use their API to check several passwords in one go – if this could be added into KDE, it would be awesome:

https://haveibeenpwned.com/API/v2#PwnedPasswords

Alternatively, KDE could also download the torrents with hashes from the website (the files are 10+ GB though!) and do the scan either locally or on some other dedicated server.

An extra cool feature would be if KDE were doing regular checks if the passwords are still unique or not.
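
Added example (not part of the original bug report and not KWallet or KSecretService code): a sketch of how a wallet could check several stored passwords using the range search of the Pwned Passwords API, where only the first five hex characters of each SHA-1 hash leave the machine and the match is done locally. The wallet entries, the breach counts and the `fake_fetch_range` stub that stands in for the HTTP request are constructed so the code runs offline.

```python
import hashlib
from collections import defaultdict

def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def parse_range_body(body: str) -> dict:
    """Parse the 'SUFFIX:COUNT' lines of a range response into {suffix: count}."""
    counts = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        # Skip anything that is not a 35-character suffix plus a numeric count.
        if sep and len(suffix) == 35 and count.isdigit():
            counts[suffix.upper()] = int(count)
    return counts

def check_entries(entries: dict, fetch_range) -> dict:
    """Return {entry_name: breach_count}; 0 means the hash was not listed.

    fetch_range(prefix) receives only the 5-character hash prefix and must
    return the response body; the password and full hash stay local.
    """
    by_prefix = defaultdict(list)
    for name, password in entries.items():
        digest = sha1_hex(password)
        by_prefix[digest[:5]].append((name, digest[5:]))
    result = {}
    for prefix, items in by_prefix.items():  # one lookup per distinct prefix
        counts = parse_range_body(fetch_range(prefix))
        for name, suffix in items:
            result[name] = counts.get(suffix, 0)
    return result

# Constructed data: counts are made up, entries are hypothetical wallet items.
CONSTRUCTED_CORPUS = {"password": 3730471, "hunter2": 17043}
SAMPLE_WALLET = {"mail": "password", "irc": "hunter2",
                 "bank": "c0rrect-h0rse-Battery-staple-9471"}

def fake_fetch_range(prefix: str) -> str:
    """Offline stand-in for the range request; a real client would do the HTTP GET here."""
    lines = ["0" * 35 + ":1"]  # unrelated filler line, as a real response has many
    for pw, n in CONSTRUCTED_CORPUS.items():
        digest = sha1_hex(pw)
        if digest.startswith(prefix):
            lines.append(f"{digest[5:]}:{n}")
    return "\r\n".join(lines)

if __name__ == "__main__":
    for name, count in check_entries(SAMPLE_WALLET, fake_fetch_range).items():
        print(f"{name}: {'seen %d times' % count if count else 'not listed'}")
```
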
Comment 1 michaelk83 2022-08-27 11:27:55 UTC
This is supported in KeePassXC.