Sponsored Links

Firefox Monitor will tell you when your passwords are compromised

It’s “when,” not “if.”
JasonDoiy via Getty Images
JasonDoiy via Getty Images
Andrii Degeler
Andrii Degeler|@adegeler|September 25, 2018 9:00 AM

After a few months of testing, Mozilla has launched its free Firefox Monitor service that notifies users when their credentials are stolen as part of a data breach. The website, which is essentially an external interface to Troy Hunt's Have I Been Pwned (HIBP) database, also allows users to sign up for notifications in case their email addresses are found in future breaches.

With more and more databases containing stolen user credentials, from email addresses to credit card numbers, now being illegally hosted on the internet, monitoring services like Mozilla's one make a lot of sense. Although re-using passwords on different websites is very bad practice, it still happens often, and having a password breached once could pose a threat to other accounts protected that feature the same one.

To make sure that email addresses entered by the Monitor's users are not shared even with its partner HIBP, Mozilla uses hash range query API endpoints. Simply speaking, it hashes the user's email and sends a few first characters of the hash as a query. HIBP then finds all entries that start with these characters and replies with a series of hash suffixes of the breached accounts, which are then checked on Mozilla's side. This way, even hashed email addresses are not shared with any third parties.

For Firefox users, the partnership between Mozilla and HIBP also brings notifications when they visit websites that have suffered a breach in the past. In addition to that, the company recently announced new anti-tracking features that are already available in the Nightly version of its browser.

Turn on browser notifications to receive breaking news alerts from Engadget
You can disable notifications at any time in your settings menu.
Not now

Mozilla is not the only company that's partnered with HIBP to notify users about breaches. The password manager 1Password can also check its users' credentials against the database; there are also DIY solutions for other password managers.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission. All prices are correct at the time of publishing.
Firefox Monitor will tell you when your passwords are compromised