We'll now tell you if your email has been breached or hacked (on other providers)
Bento will now tell you when you log in, or even sign up (yes, we'll slow down sales if it means keeping you secure), if your email has been compromised in a hack.
How are we doing it?
Each user password is hashed using SHA-1 and the hash is then truncated to its first 5 characters, implementing the k-Anonymity model described in https://haveibeenpwned.com/API/v2#SearchingPwnedPasswordsByRange. That truncated hash is then checked against the HaveIBeenPwned.com API, the world's largest source of breaches.
Neither the clear-text password nor the full password hash is ever transmitted to the service.
More implementation details and important caveats can be found in https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/
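The range check described above, as an added Python sketch (not Bento's own code): only the 5-character hash prefix is handed to the lookup, and the remaining 35 characters are compared locally against the returned "SUFFIX:COUNT" lines. The function names, the stand-in fetcher and its sample rows are constructed for illustration.

```python
import hashlib

PREFIX_LEN = 5  # hex characters of the SHA-1 digest that leave the process


def split_hash(password):
    """Return (prefix, suffix) of the uppercase SHA-1 hex digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:PREFIX_LEN], digest[PREFIX_LEN:]


def breach_count(suffix, range_body):
    """Look for our suffix in a range response of 'SUFFIX:COUNT' lines.

    The match is done locally, so the service never learns which of the
    returned suffixes (if any) belongs to the user.
    """
    for line in range_body.splitlines():
        candidate, sep, count = line.strip().partition(":")
        if not sep:
            continue  # blank or malformed line
        if candidate.upper() == suffix.upper():
            return int(count)
    return 0


def check_password(password, fetch_range):
    """fetch_range(prefix) -> response body; it only ever sees the prefix."""
    prefix, suffix = split_hash(password)
    return breach_count(suffix, fetch_range(prefix))


def fake_fetch_range(prefix):
    """Constructed stand-in for the range endpoint so this runs offline.

    The decoy suffixes and all counts are made up.
    """
    known_prefix, known_suffix = split_hash("password")
    rows = ["0018A45C4D1DEF81644B54AB7F969B88D65:3",
            "FFFF0A1B2C3D4E5F60718293A4B5C6D7E8F:1"]
    if prefix == known_prefix:
        rows.insert(1, f"{known_suffix}:42")
    return "\r\n".join(rows)


if __name__ == "__main__":
    for candidate in ("password", "correct horse 9!x"):
        hits = check_password(candidate, fake_fetch_range)
        print(candidate, "-> seen in breaches" if hits else "-> not found", hits)
```

In a real deployment `fetch_range` would be an HTTPS call to the range endpoint documented at the link above; a non-zero count means the password has appeared in a breach corpus, not that this particular account was compromised.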
Why are we doing it?
We hope this leads to a more secure Bento and fewer freakouts, and helps educate our users on the importance of web security. It's just too important to us.