HIBP Update - New Passkeys and Enhanced Privacy Features

Basically, Have I Been Pwned added new features to help keep your data safer.
Have I Been Pwned has rolled out major updates, including k-anonymity searches and automated domain verification. These changes enhance user privacy and streamline services for larger organizations. Now, users can protect their data more effectively while accessing critical breach information.
What Changed
Have I Been Pwned (HIBP) has undergone a significant transformation, evolving from a simple hobby project into a robust service used by millions. With hundreds of thousands of daily visitors and billions of compromised records processed annually, the platform is now introducing exciting new features. These updates aim to enhance user privacy and streamline operations for larger organizations.
Among the most notable changes are the introduction of k-anonymity searches and automated domain verification processes. These features are designed to protect user data while maintaining the effectiveness of the service. The new structure of subscription plans also reflects a shift to better accommodate different user needs, from small businesses to large enterprises.
How This Affects Your Data
The introduction of k-anonymity searches is a game-changer for user privacy. Previously, searching for an email address involved sending the actual email to HIBP, which could expose personally identifiable information (PII). Now, users can create a SHA-1 hash of their email and send only the first six characters of that hash to the API. Because the same prefix is shared by many different hashes, HIBP cannot trace the search back to the original email address, which enhances confidentiality.
Additionally, the automated domain verification process simplifies how organizations can manage their domains. Previously cumbersome steps have been replaced with streamlined methods, allowing for quicker and more efficient verification. This is particularly beneficial for managed service providers (MSPs) who monitor multiple domains for their clients.
Who's Responsible
The updates come from HIBP's founder, Troy Hunt, who has been dedicated to improving the service since its inception. His focus on user privacy and data protection is evident in these new features. The revisions to the terms of service now allow MSPs to use HIBP for their customers, expanding the service's utility while ensuring compliance with privacy standards.
With these changes, HIBP is not only maintaining its commitment to user privacy but also adapting to the needs of larger organizations that require more robust tools for monitoring and protecting their domains.
How to Protect Your Privacy
To take advantage of these new features, users should consider subscribing to the appropriate plan that fits their needs. For those managing multiple domains or handling sensitive data, the Pro or High RPM tiers may be the best fit.
Additionally, organizations should implement the k-anonymity search method when querying HIBP to ensure that their users' email addresses remain confidential. By adopting these practices, users can enhance their privacy and security while utilizing HIBP's powerful resources effectively.
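The k-anonymity search described under "How This Affects Your Data" and recommended above, as an added example that is not HIBP's own code: the client hashes the address, sends only the six-character prefix, and matches the rest of the hash locally. The service here is a local stand-in with constructed data; the trim-and-lowercase normalization, the response shape and all function names are assumptions.

```python
import hashlib

PREFIX_LEN = 6  # per the page: only the first six hash characters are sent


def split_hash(email):
    """Return (prefix, suffix) of the SHA-1 hex digest of an email address.

    Assumption: the address is trimmed and lower-cased before hashing.
    """
    normalized = email.strip().lower().encode("utf-8")
    digest = hashlib.sha1(normalized).hexdigest()
    return digest[:PREFIX_LEN], digest[PREFIX_LEN:]


def mock_service(prefix, store):
    """Local stand-in for the service: it is given a prefix only and returns
    every stored suffix under that prefix (response shape is an assumption)."""
    return {h[PREFIX_LEN:]: names for h, names in store.items()
            if h.startswith(prefix)}


def check_email(email, query):
    """Send only the prefix through `query`, then match the suffix locally."""
    prefix, suffix = split_hash(email)
    candidates = query(prefix)
    return candidates.get(suffix, [])


def constructed_store():
    """Constructed sample data: real entries plus decoys sharing one prefix."""
    a_prefix, a_suffix = split_hash("alice@example.com")
    b_prefix, b_suffix = split_hash("bob@example.com")
    return {
        a_prefix + a_suffix: ["ConstructedBreachA"],
        a_prefix + "0" * 34: ["ConstructedBreachB"],  # decoy, same prefix
        a_prefix + "f" * 34: ["ConstructedBreachC"],  # decoy, same prefix
        b_prefix + b_suffix: ["ConstructedBreachD"],
    }


if __name__ == "__main__":
    store = constructed_store()
    sent = []  # everything that leaves the client

    def query(prefix):
        sent.append(prefix)
        return mock_service(prefix, store)

    print(check_email("  Alice@Example.com ", query))
    print(check_email("carol@example.com", query))
    print("sent to service:", sent)
```

The stand-in service returns several candidates for one prefix and never learns which suffix the client was looking for; that comparison happens only in `check_email`.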