There are over half a billion passwords floating around the Internet, largely exposed through data breaches. That’s 500,000,000+ of your, your friends’, your families’ passwords exposed to anyone and everyone.
While the average person is generally aware security is important, they often don’t know what steps they can take to protect themselves. While we’ve seen countless stories listing ‘123456’ and ‘password’ as popular (and terrible) passwords, consumers aren’t taking action to change their credentials. All too often, even if it’s the “right thing to do,” users will skip or skimp on security if it’s perceived as too complicated. Actionable information on breaches is also typically lacking; users don’t have visibility into what data was compromised, including usernames and passwords.
Troy Hunt’s site, HaveIBeenPwned, is an invaluable resource for consumers, giving them one place to go to determine if their email and/or password has been exposed in a breach. At Okta, we announced last year that we added functionality to our product to allow organizations to check users’ passwords against lists of known bad passwords as well as known bad password policies (hot tip: don’t use your name in your password) to help protect users from themselves. Now we’re bringing that same functionality to consumers, offering a single, simple experience powered by the HaveIBeenPwned database that every consumer can take advantage of: PassProtect.
PassProtect is a browser plugin that makes it easy for people to see in the moment whether or not their password was exposed in a breach. With a real time, as-you-type notification, PassProtect quickly alerts users of possible “riskier” passwords so they can take action immediately and without compromising privacy. By using k-anonymity, PassProtect ensures that your passwords are never seen, stored, or sent over the network during this checking process.
We’ve also made it easy for developers to add this functionality directly into their app or website. By also surfacing related information and breach details, PassProtect promotes security awareness for users while relieving developers of the burden of tracking breaches and maintaining a homegrown tool. Okta’s own Randall Degges gives a deeper breakdown of the dev offering on our Developer Blog.
The best part? It’s completely free, and available today in the Chrome Web Store. Visit passprotect.io for more info!