Jump to content
Enpass Discussion Forum

Search the Community

Showing results for tags 'breach'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • General discussion
    • Hot topics
    • Enpass Support & Troubleshooting
    • Registration and Purchases
    • Autofilling and Desktop Browser Extensions
    • Data Security
    • Announcements
  • Help us improve Enpass
    • Feature requests
    • Enpass Beta
    • Localization
  • General discussion

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Found 1 result

  1. Hello, I have a suggestion for Enpass that increases the security of passwords and alerts the user when a website was hacked and a password change is recommended. The password manager 1Password has a feature called watchtower. They have an internal database of security breaches (database with information about hacked websites where user-data was stolen). In this database they store the website and also the date of the breach. 1Password stores for password entries two modification dates: modification date of the password modification date of the entry 1Password checks the password entries against this database. When a website was hacked after the password was changed in 1Password, then 1Password recommends to change the password. When the password was changed after the hack of the website, then users get no notification. So when the entry for a page was last changed today (like added some notes), but the password itself was changed 2 years ago, then users get a warning when the website was hacked 2 weeks ago. For the password manager KeePass there is a plugin available called HaveIBeenPwned. The plugin and the source code are available here: https://github.com/andrew-schofield/keepass2-haveibeenpwned This plugin downloads the public breach lists form "'have i been pwned?" and from "Cloudbleed Checker". The plugin checks (on demand) your passwords against these lists. In KeePass there is no modification date of the password. To get the modification date of the password the plugin checks the history of each entry and compares the passwords (to find out the modification date of the password). Suggestion: Please add also such a feature in Enpass in the Password Audits. In my opinion it is OK if you use the public available lists from "'have i been pwned?" and from "Cloudbleed Checker" (like the KeePass Plugin). This requires that you also store the "password modification date". When you import entries from KeePass then you should also determine the password modification date of the entry. In the KeePass XML the complete history is also exported. Regards OLLI
×
×
  • Create New...