Cover Your pASSword
Cover Your pASSword
PassProtect is a browser plugin that makes it easy for people to see in real time whether or not their password was exposed in a breach.
Join the DZone community and get the full member experience.Join For Free
Thanks to Randall Degges for taking me through Okta's new PassProtect solution introduced at Oktane18. This is one of several products introduced to help developers, security professionals, and end-user customers be more secure.
There are more than a half a billion passwords floating around the Internet, largely exposed through data breaches. That’s 500,000,000+ of your, your friends’, your families’ passwords exposed to anyone and everyone.
While the average person is generally aware security is important, they often don’t know what steps they can take to protect themselves. While we’ve seen countless stories listing ‘123456’ and ‘password’ as popular (and terrible) passwords, consumers aren’t taking action to change their credentials. All too often, even if it’s the “right thing to do,” users will skip or skimp on security if it’s perceived as too complicated. Actionable information on breaches is also typically lacking; users don’t have visibility into what data was compromised, including usernames and passwords.
Troy Hunt’s site, HaveIBeenPwned, is an invaluable resource for consumers, giving them one place to go to determine if their email and/or password has been exposed in a breach. Okta added functionality last year to allow organizations to check users’ passwords against lists of known bad passwords as well as known bad password policies to help protect users from themselves. Now they are bringing that same functionality to consumers, offering a single, simple experience powered by the HaveIBeenPwned database so that every consumer can take advantage of PassProtect.
PassProtect is a browser plugin that makes it easy for people to see in real time whether or not their password was exposed in a breach. With a real-time, as-you-type notification, PassProtect alerts users of potential “riskier” passwords so they can take action immediately and without compromising privacy. By using k-anonymity, PassProtect ensures passwords are never seen, stored, or sent over the network during this checking process.
Okta has also made it easy for developers to add this functionality directly into their app or website. By surfacing related information and breach details, PassProtect promotes security awareness for users while relieving developers of the burden of tracking breaches and maintaining a homegrown tool. Randall gives a deeper breakdown of the dev offering here.
The best part? It’s completely free, and available today in the Chrome Web Store. Visit Passprotect.io for more information.
Opinions expressed by DZone contributors are their own.