Github’ Password Checking Security Tool Will Check Your Password For Breaches

Having strong passwords is the key to maintain your account security in the online world. Yet, sometimes, what you think of as a strong password might be too easy for hackers to crack. Besides, it might have been used earlier by some other internet user who lost it already to hackers. But how would you know it? Recently, Github has launched a password checking security tool that checks if your password matches with any of the breached passwords.

Github Launches Password Checking Security Tool

Last week, Github announced on their website about a new security tool that will help you in setting up your passwords. This password checking security tool will let you know if your password has been compromised in a breach.

To provide this functionality, Github collaborates with the popular site ‘HaveIBeenPwned’. HIBP is popularly for letting users check compromised passwords. The website put up their entire database of 517 million compromised passwords in downloadable form. Github, using this data, has created an ‘internal’ feature to validate user’s passwords.

As explained by Github,

“People using compromised passwords will be prompted to select a different password during login, registration, or when updating their password. Don’t worry, your password is protected by the password hashing function bcrypt in our database. We only verify whether your password has been compromised when you provide it to us.”

Github Urges Users For Two-Factor Authentication

Besides the password security tool, Github has also improvised the two-factor authentication and has urged users to use this feature.

“We highly recommend using a 2FA authenticator application that supports cloud backups in the event your phone is lost, stolen, or falls in the ocean.”

Users can set up two-factor authentication for their Github accounts through the “Security” tab in account settings.

Moreover, Github has recommended the users to use a password manager for setting up unique and strong passwords and to use a hardware security key for added account security. Besides, they also suggest periodically reviewing Github credentials, and to sign up for HIBP.

HIBP Password List Downloadable For All

Although Github’s security tool is applicable to Github accounts only, anyone can benefit from the HIBP data to introduce a similar feature for their websites too. HIBP has uploaded the entire data for free download by anyone. Users can use Torrent or Cloudflare to download the file.

The data file contains passwords in hashed forms to protect the original value, followed by the number of times that password appeared in the sourced data breaches. As described on the HIBP website,

“The list may be integrated into other systems and used to verify whether a password has previously appeared in a data breach after which a system may warn the user or even block the password outright.”

Let us know your views about this security feature in the comment section below.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients