While waiting for a tasty Lasagne to cook, I read about Troy Hunt’s excellent update to his Pwned Passwords service.
For those unaware, Troy runs haveibeenpwned.com and is basically the expert when it comes to passwords, password breaches and generally ruining your day by informing you that your personal data has been breached again.
Without getting into the nitty-gritty of how we’ve been doing passwords wrong this whole time, Troy’s Pwned Passwords service now offers you a way to validate that a password isn’t on any known password list without actually giving away the password itself.
That in itself is pretty cool, but what’s even cooler is how easy it was to use. How easy? I was able to throw together a .NET library for it within a few minutes (before my Lasagne was done cooling, in fact), that’s how easy. Go ahead and grab it while it’s hot.
And of course it’s open-source.
Note: This was VERY quick and dirty – there’s minimal error handling, it could be a fair bit more efficient and it doesn’t return anything from the API such as the number of times that password has been recorded. I’ve labelled it as v0.1.0 for now and if I get time, I’ll improve it with future updates.
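For readers who want to see the "without giving away the password" check and the missing occurrence count in code, here is an added C# sketch; it is not the library's source. It relies on the public range API as documented by the service (SHA-1 the password, send only the first five hex characters, match the returned `SUFFIX:COUNT` lines locally); the class and method names are hypothetical and the response body is constructed so the example runs offline.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class PwnedRangeCheck // hypothetical name, not from the library
{
    // Split the SHA-1 hex digest: only the 5-character prefix leaves the machine.
    public static (string Prefix, string Suffix) SplitHash(string password)
    {
        using (var sha1 = SHA1.Create())
        {
            byte[] digest = sha1.ComputeHash(Encoding.UTF8.GetBytes(password));
            string hex = BitConverter.ToString(digest).Replace("-", ""); // 40 upper-case hex chars
            return (hex.Substring(0, 5), hex.Substring(5));
        }
    }

    // Scan a range response ("SUFFIX:COUNT" per line) for our 35-character suffix.
    // Returns the recorded count, or 0 when the suffix is not in the range.
    public static int CountInRange(string rangeBody, string suffix)
    {
        foreach (string raw in rangeBody.Split('\n'))
        {
            string line = raw.Trim();          // responses use CRLF line endings
            int sep = line.IndexOf(':');
            if (sep != 35) continue;           // not a well-formed suffix line, skip it
            if (!string.Equals(line.Substring(0, sep), suffix, StringComparison.OrdinalIgnoreCase))
                continue;
            // Throws on an unreadable count instead of silently reporting "not found".
            return int.Parse(line.Substring(sep + 1));
        }
        return 0;
    }

    static void Main()
    {
        // Constructed stand-in for the body of GET https://api.pwnedpasswords.com/range/5BAA6
        // (the counts are made up; the second suffix belongs to the password "password").
        const string constructedBody =
            "0018A45C4D1DEF81644B54AB7F969B88D65:3\r\n" +
            "1E4C9B93F3F0682250B6CF8331B7EE68FD8:42\r\n";

        var (prefix, suffix) = SplitHash("password");
        Console.WriteLine($"Would request: /range/{prefix}");
        Console.WriteLine($"Seen {CountInRange(constructedBody, suffix)} time(s) in constructed data");
    }
}
```

The comparison happens entirely on the caller's side, so the service only ever learns the five-character prefix, which is shared by many unrelated hashes.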