OLLI_S Posted January 12, 2019 (edited) Hello, I have a suggestion for Enpass that increases the security of passwords and alerts the user when a website was hacked and a password change is recommended. The password manager 1Password has a feature called Watchtower. They have an internal database of security breaches (a database with information about hacked websites where user data was stolen). In this database they store the website and also the date of the breach. 1Password stores two modification dates for password entries: the modification date of the password and the modification date of the entry. 1Password checks the password entries against this database. When a website was hacked after the password was changed in 1Password, then 1Password recommends changing the password. When the password was changed after the hack of the website, then users get no notification. So when the entry for a page was last changed today (like adding some notes), but the password itself was changed 2 years ago, then users get a warning when the website was hacked 2 weeks ago. For the password manager KeePass there is a plugin available called HaveIBeenPwned. The plugin and the source code are available here: https://github.com/andrew-schofield/keepass2-haveibeenpwned This plugin downloads the public breach lists from "have i been pwned?" and from "Cloudbleed Checker". The plugin checks (on demand) your passwords against these lists. In KeePass there is no modification date of the password. To get the modification date of the password the plugin checks the history of each entry and compares the passwords (to find out the modification date of the password). Suggestion: Please also add such a feature in Enpass in the Password Audits. In my opinion it is OK if you use the publicly available lists from "have i been pwned?" and from "Cloudbleed Checker" (like the KeePass plugin). This requires that you also store the "password modification date".
When you import entries from KeePass then you should also determine the password modification date of the entry. In the KeePass XML the complete history is also exported. Regards OLLI Edited February 20, 2019 by OLLI_S
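The check described in this post, as an added example that is not part of the thread or of either product's code: the password change date is derived from a KeePass-style entry history (the plugin approach), then compared with a per-domain breach date. The XML fragment and the breach list are constructed placeholders, not a real KeePass export or the real HIBP feed.

```python
"""Flag entries whose password is older than a breach of the site's domain."""
from datetime import date
from urllib.parse import urlparse
import xml.etree.ElementTree as ET

# Constructed KeePass-style fragment: entry edited in 2019 (e.g. notes added),
# but its password was last changed in 2017 according to the history snapshots.
SAMPLE_XML = """<KeePassFile><Root><Group><Entry>
  <String><Key>URL</Key><Value>https://example.com/login</Value></String>
  <String><Key>Password</Key><Value>hunter3</Value></String>
  <Times><LastModificationTime>2019-01-10T09:00:00Z</LastModificationTime></Times>
  <History>
    <Entry><String><Key>Password</Key><Value>hunter2</Value></String>
      <Times><LastModificationTime>2016-05-01T12:00:00Z</LastModificationTime></Times></Entry>
    <Entry><String><Key>Password</Key><Value>hunter3</Value></String>
      <Times><LastModificationTime>2017-03-15T08:30:00Z</LastModificationTime></Times></Entry>
  </History>
</Entry></Group></Root></KeePassFile>"""

# Constructed breach list (domain -> breach date); placeholder, not real data.
BREACHES = {"example.com": date(2018, 12, 1)}

def _field(entry, key):
    for s in entry.findall("String"):
        if s.findtext("Key") == key:
            return s.findtext("Value") or ""
    return ""

def _mod_date(entry):
    return date.fromisoformat(entry.findtext("Times/LastModificationTime")[:10])

def password_change_date(entry):
    """Compare passwords across history snapshots (oldest first, current last);
    the date of the last snapshot whose password differs from its predecessor
    is when the current password was set. No history: entry's own date."""
    snapshots = sorted(entry.findall("History/Entry"), key=_mod_date) + [entry]
    changed = _mod_date(snapshots[0])
    for prev, nxt in zip(snapshots, snapshots[1:]):
        if _field(prev, "Password") != _field(nxt, "Password"):
            changed = _mod_date(nxt)
    return changed

def audit(xml_text, breaches):
    """Return (domain, breach_date, password_date, needs_change) per entry.
    Only Group/Entry is scanned, so history snapshots are not audited twice."""
    out = []
    for entry in ET.fromstring(xml_text).findall(".//Group/Entry"):
        domain = urlparse(_field(entry, "URL")).hostname or ""
        breached, changed = breaches.get(domain), password_change_date(entry)
        out.append((domain, breached, changed, bool(breached and changed <= breached)))
    return out
```

The entry's own modification date (2019) would wrongly mark it safe; the history-derived password date (2017) is what triggers the warning.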
OLLI_S Posted January 17, 2019 Author Hello, today I read in the media that there was a large data breach where 773 million user records were stolen: https://www.troyhunt.com/the-773-million-record-collection-1-data-reach/ In the article I can read: In total, there are 1,160,253,228 unique combinations of email addresses and passwords. The unique email addresses totalled 772,904,991. So a breach check that works with URLs (like described above) would really be helpful. Especially when you actively warn the user. Best regards OLLI
Anshu kumar Posted January 18, 2019 Hey @OLLI_S, The feature for checking pwned passwords is already available in Enpass. You can check under the ≡ menu from the toolbar --> select Tools → Check for Pwned Passwords. For more details please have a look at our user manual. Pwned passwords will be shown in the Weak section of the audit. Thanks!
OLLI_S Posted January 18, 2019 Author Hello @Anshu kumar, 1Password and also the HaveIBeenPwned plugin for KeePass check all my passwords against HaveIBeenPwned and warn me when I have not changed my passwords after the breach. When any website gets hacked in December 2018 and I changed my password in October 2018 (before the breach), then I get a warning. When I have changed the password in January 2019 (after the breach), then I don't get a warning. So 1Password and the HaveIBeenPwned plugin for KeePass remind me to change the password when a specific website gets hacked. I am not a security expert, but checking if the URL got hacked is different than checking if any passwords are found in the big password leak (from multiple sources). This is the reason why the HaveIBeenPwned plugin for KeePass offers 3 different menu entries: Site/Domain based, Username based, Password based. Details see https://github.com/andrew-schofield/keepass2-haveibeenpwned Best regards OLLI
Anshu kumar Posted January 19, 2019 Thanks for the input @OLLI_S. I have noted it down and forwarded it to the concerned desk for further consideration. Cheers!
OLLI_S Posted January 19, 2019 Author Hello @Anshu kumar, thank you for forwarding it! I really love Enpass and want to help improve it. Best regards OLLI
OLLI_S Posted January 26, 2019 Author (edited) Hello @Anshu kumar, I read in the German c't magazine that new password collections were found on the web. They called them Collection #2 to Collection #5. Details see here: https://www.heise.de/security/meldung/Neue-Passwort-Leaks-Insgesamt-2-2-Milliarden-Accounts-betroffen-4287538.html In the article they write that 2.2 billion accounts are affected. So it is very important that Enpass helps us find out if we are affected. You should check, like the HaveIBeenPwned plugin for KeePass, in the following ways: Site/Domain based, Username based, Password based. Best regards OLLI Edited January 26, 2019 by OLLI_S
OLLI_S Posted February 12, 2019 Author (edited) Hello, today I read in the c't magazine that a new database with 620 million accounts was found: https://www.heise.de/security/meldung/Gehackte-Websites-620-Millionen-Accounts-zum-Verkauf-im-Darknet-4305517.html They also link to an English article in The Register: https://www.theregister.co.uk/2019/02/11/620_million_hacked_accounts_dark_web/ Here the following websites are affected: 8fit (20 million), 500px (15 million), Animoto (25 million), Armor Games (11 million), Artsy (1 million), BookMate (8 million), CoffeeMeetsBagel (6 million), DataCamp (700,000), Dubsmash (162 million), EyeEm (22 million), Fotolog (16 million), HauteLook (28 million), MyFitnessPal (151 million), MyHeritage (92 million), ShareThis (41 million), Whitepages (18 million). It would be very useful if Enpass would alert users that have an account at one of these services and ask them to change the password. Only if the password change date is newer than the breach of the website is the account marked as safe. Best regards OLLI Edited February 23, 2019 by OLLI_S
OLLI_S Posted February 23, 2019 Author (edited) Hello, sorry if I post again, but there was another database found with 127 million accounts affected: https://www.heise.de/security/meldung/Datenverkauf-im-Darknet-Nachschlag-mit-127-Millionen-weiteren-Accounts-4310778.html Here is the English article they link to: https://techcrunch.com/2019/02/14/hacker-strikes-again/ Here the following websites are affected: Houzz (57 million accounts affected), YouNow (40 million accounts affected), Ixigo (18 million accounts affected), Stronghold Kingdoms (5 million accounts affected), Roll20 (4 million accounts affected), Ge.tt (1.8 million accounts affected), PetFlow (1 million accounts affected), Coinmama (450,000 accounts). Best regards OLLI Edited February 23, 2019 by OLLI_S
OLLI_S Posted March 15, 2019 Author Hello, today I read that the Chinese e-commerce company Gearbest had a "Huge Data Breach". Hackers could (and still can) access different parts of Gearbest's database. See the article "Report – Gearbest Hack: Hundreds of Thousands Affected Daily by Huge Data Breach": https://www.vpnmentor.com/blog/gearbest-hack/ The email addresses and the passwords were stored unencrypted! So this is really a mess! Best regards OLLI
OLLI_S Posted May 19, 2019 Author @Vikram Dabas Here is a screenshot of the scan results of the Have I Been Pwned plugin in KeePass. I selected to see all results (the default is to see only those results where the password was not changed after the breach) so you see more results. You see that the plugin gets the Password Change Date in KeePass (this is not stored, but the plugin compares the passwords in the history of each entry). It also displays the breach date and at the bottom you get information about the breach. It would be cool if Enpass also offered such a "Check breach by website" feature and also displayed information (text) about the breach. Of course in a larger font. OLLI
Guest Vikram Dabas Posted May 20, 2019 Hi @OLLI_S Thanks for your suggestion! We will take it into account and maybe will implement it in further versions. Cheers!