Have I Been Pwned — which tells you if passwords were breached — is going open source

Illustration by Alex Castro / The Verge These days, we almost take it as a given that piss-poor security will inevitably expose some of your usernames and passwords to the world — that’s why 2FA is so important, and why you might want a password checkup tool like the ones now built into every modern browser (well, Safari is coming soon) so you can quickly replace the ones that were stolen. But nearly all of those password checkup tools owe something to Troy Hunt’s Have I Been Pwned, which was kind of a novel idea when it first launched 7 years ago — and Hunt is now open-sourcing his website codebase so the idea can spread even further. While not all password checkup tools actually use Hunt’s database (a just-announced LastPass feature calls on one hosted by Enzoic instead),... Continue reading…