Have I Been Pwned: Pwned Passwords
haveibeenpwned.com
Pwned Passwords is a huge corpus of previously breached passwords made freely available to help services block them from being used again.

Nerdy PWs leaked:

Treebeard - “This password has been seen 1,207 times before in data breaches!”

NedStark - 20 times

CerseiLannister - 30 times

youknownothingjonsnow - 61 times

PicardIsSexy - 0 times (!The_Picard_Maneuver@piefed.world you’re safe. ;)

NSFW passwords

spoiler

bigdick - 178,712 (!?!)

bigpussy - 9,226

longpussy - 26

longdick - 10,762

wetpussy - 61,575

wetdick - 579

twat - 6,588

dickhead - 201,942

((More to come later))

  • FiskFisk33@startrek.websiteEnglish
    131·
    7 hours ago

    very sane reaction.

    I have to say though, haveibeenpwned is very well regarded in the industry, and is run by a well known security expert. A leak from there would be quite the blow to his reputation.

    https://en.wikipedia.org/wiki/Have_I_Been_Pwned

    That said, while I happily give them my email-addresses, I have never given them my password.

    • nogooduser@lemmy.worldEnglish
      9·
      6 hours ago

      A leak from there would be quite the blow to his reputation.

      I’m not so sure that it would be a huge blow. He’s only human and everyone is susceptible to the odd mistake.

      He did get phished last year and blogged about it after it happened which is the transparent approach that security experts say is the correct response. I’m pleased that he followed the advice that he gives to be honest and don’t think any less of him for suffering a breach.

      https://www.troyhunt.com/a-sneaky-phish-just-grabbed-my-mailchimp-mailing-list/

    • thejml@sh.itjust.worksEnglish
      31·
      7 hours ago

      All it takes is a malicious actor to MITM or a compromised codebase or any other malicious things to slip in something and its also pwned.

      I’ve seen too many widely recognized and supposedly secure things fail, to trust this with my passwords.

      • FiskFisk33@startrek.websiteEnglish
        2·
        6 hours ago

        I’d argue though, if you use a single password for everything, its probably more secure to add it here to to at least get an indication when it’s breached. Your surface in that case is already so large that the difference is negligible compared to the gained warning.

        That said, don’t reuse passwords!