Using the same password over, and over again is one of the worst habits we have gotten us into. In this age where everything is safe behind a password, those passwords make your account vulnerable. In recent years, popular websites have been breached, and user data including passwords have been exposed. While it is surprising, there is nothing much one can do except that you make sure not to repeat same passwords. Especially those which is available on the internet.
Have I Been Pwned service
There are several services that will tell you if your account has been hacked, one of which is Have I been Pwned. These are popular services which maintain a database of half a billion real-world passwords previously exposed in data breaches. It lets anybody search for a password one plans to use. This will make sure it’s not a repeat.
That said, it’s going to be difficult for anyone to check manually for all accounts, and this is where extensions come into play. We have shared one such extension which works for Chrome called PassProtect, and today we are talking about the one which works with Firefox.
Prevent Pwned Passwords Add-on for Firefox
Prevent Pwned Passwords Add-on for Firefox lets you verify your passwords against breached passwords. These passwords are available at the Have I Been Pwned service. You can either check it manually or let it check for you automatically.
Once enabled, it will make sure to compare your existing password which you either type or one which auto-fills against the list of breached passwords in the database. If you try to use a password that’s known to have been compromised, you’ll get an alert.
When you install it for the first time, you can choose it to do it automatically, and take permission to access your data for all websites, display notifications to you, and access browser tabs.
You can choose to run it whenever you enter a password on any site to login or create an account. If you choose to run it manually, you can always right-click on the password box, and check it manually.
If you trust a website, you can also whitelist it. The extension will not verify them. Sites like Google, Facebook are very secure, and you might not have to use it there. However, I would still suggest you make sure that your passwords on those websites are not vulnerable and available in the database.
That said, this extension transmits the password using a hash. This means your password is encrypted, and not sent as a clear-text password. At least not like any identifiable information like a username or a URL.
To change the options for the add-on, you can type about:addons in the URL box, and hit Enter. Next, select your extension, and then choose between auto, on and off mode.
I wish password managers like LastPass, and others can build similar features which will help millions of users with the breached passwords.