Latest in Tomorrow

Image credit: JasonDoiy via Getty Images

Firefox Monitor will tell you when your passwords are compromised

It’s “when,” not “if.”
441 Shares
Share
Tweet
Share
Save

Sponsored Links

JasonDoiy via Getty Images

After a few months of testing, Mozilla has launched its free Firefox Monitor service that notifies users when their credentials are stolen as part of a data breach. The website, which is essentially an external interface to Troy Hunt's Have I Been Pwned (HIBP) database, also allows users to sign up for notifications in case their email addresses are found in future breaches.

With more and more databases containing stolen user credentials, from email addresses to credit card numbers, now being illegally hosted on the internet, monitoring services like Mozilla's one make a lot of sense. Although re-using passwords on different websites is very bad practice, it still happens often, and having a password breached once could pose a threat to other accounts protected that feature the same one.

To make sure that email addresses entered by the Monitor's users are not shared even with its partner HIBP, Mozilla uses hash range query API endpoints. Simply speaking, it hashes the user's email and sends a few first characters of the hash as a query. HIBP then finds all entries that start with these characters and replies with a series of hash suffixes of the breached accounts, which are then checked on Mozilla's side. This way, even hashed email addresses are not shared with any third parties.

For Firefox users, the partnership between Mozilla and HIBP also brings notifications when they visit websites that have suffered a breach in the past. In addition to that, the company recently announced new anti-tracking features that are already available in the Nightly version of its browser.

Mozilla is not the only company that's partnered with HIBP to notify users about breaches. The password manager 1Password can also check its users' credentials against the database; there are also DIY solutions for other password managers.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
441 Shares
Share
Tweet
Share
Save

Popular on Engadget

The best mobile devices for students

The best mobile devices for students

View
YouTube pulls hundreds of channels tied to Hong Kong influence campaign

YouTube pulls hundreds of channels tied to Hong Kong influence campaign

View
'Fortnite' finally nerfs the hated B.R.U.T.E. mechs

'Fortnite' finally nerfs the hated B.R.U.T.E. mechs

View
After a year of Epic Games exclusivity, ‘Hades’ heads to Steam Early Access

After a year of Epic Games exclusivity, ‘Hades’ heads to Steam Early Access

View
Porsche streamlines the Taycan EV’s infotainment system

Porsche streamlines the Taycan EV’s infotainment system

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr