Password Compromise Notification on Login.

MattW

If you are logging in, and presented with a notification about your password being compromised, this is because of a new security addon we are running on here.

This is checking the password you are using against a known list of passwords that have been exposed in data breaches over the years.

Password reuse and credential stuffing

Password reuse is normal. It's extremely risky, but it's so common because it's easy and people aren't aware of the potential impact. Attacks such as credential stuffing take advantage of reused credentials by automating login attempts against systems using known emails and password pairs.


NIST's guidance: check passwords against those obtained from previous data breaches

The Pwned Passwords service was created in August 2017 after NIST released guidance specifically recommending that user-provided passwords be checked against existing data breaches. The rationale for this advice and suggestions for how applications may leverage this data is described in detail in the blog post titled Introducing 306 Million Freely Downloadable Pwned Passwords. In February 2018, version 2 of the service was released with more than half a billion passwords, each now also with a count of how many times they'd been seen exposed.

Our recommendation if you are presented with this is to change your password to a new, unique password, to continue to secure your account on here. You can also check your email address against the database here: Have I Been Pwned: Check if your email has been compromised in a data breach

This will show where your details have been leaked from.
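How a login-time check of this kind can work, as an added example that is not part of the original post and not the add-on's own code: the password is hashed with SHA-1, only the first five hex characters are used for the lookup, and the returned `SUFFIX:COUNT` lines are matched locally, following the range-lookup format of Pwned Passwords. The sample corpus, its counts and the function names are constructed for illustration, and the lookup is simulated in-process so the block runs offline.

```python
import hashlib
from typing import Callable, Optional

# Constructed sample corpus: password -> times seen in breaches (not real counts).
SAMPLE_BREACHED = {"password1": 3, "letmein": 7, "qwerty123": 12}


def sha1_hex(password: str) -> str:
    """Uppercase SHA-1 hex digest, the form the Pwned Passwords data uses."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def sample_range_response(prefix: str) -> str:
    """Stand-in for the remote lookup (assumption): returns 'SUFFIX:COUNT'
    lines for every corpus hash that starts with the 5-character prefix."""
    lines = []
    for pw, count in SAMPLE_BREACHED.items():
        digest = sha1_hex(pw)
        if digest.startswith(prefix):
            lines.append(f"{digest[5:]}:{count}")
    # A padding line with count 0; it must never be reported as a hit.
    lines.append("0" * 35 + ":0")
    return "\r\n".join(lines)


def breach_count(password: str,
                 fetch_range: Callable[[str], str] = sample_range_response) -> int:
    """Times the password appears in the breach data (0 = not found).
    Only the first 5 hex characters of the hash are handed to fetch_range."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in fetch_range(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix and count.isdigit():
            return int(count)
    return 0


def login_notice(password: str) -> Optional[str]:
    """Notice to show after a successful login, or None when nothing was found."""
    seen = breach_count(password)
    if seen > 0:
        return f"This password has appeared in data breaches {seen} time(s); please change it."
    return None


if __name__ == "__main__":
    for pw in ("letmein", "a-long-unique-passphrase-not-in-the-sample"):
        print(repr(pw), "->", login_notice(pw))
```

The check needs the plaintext password, so it can only run at login, registration or password change, which is why the notification appears at login.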
 