Chapter 22. Tool: Account Auditing
A common practice is for users and enterprises to audit their accounts continually so they learn whether their email addresses or passwords have been exposed in a known data breach. This matters because a leaked email address can be used to target a phishing campaign, and the danger increases if the breach also included other identifying information. Stolen passwords routinely make their way into password and hash dictionaries, so continuing to use a password that was exposed in any breach, even one unrelated to your account, makes your account more susceptible to dictionary and credential-stuffing attacks.
In this chapter, we use the website Have I Been Pwned? to audit user accounts. The requirements are as follows:
- Query haveibeenpwned.com to check whether a password is associated with a known breach.
- Query haveibeenpwned.com to check whether an email address is associated with a known breach.
Have I Been Pwned?
The website https://haveibeenpwned.com is an online service that lets users determine whether their email address or password was exposed in a significant data breach. The site has a RESTful API that can be queried by email address or, for passwords, by the SHA-1 hash of the password. Password lookups use a k-anonymity range query: you send only the first five hexadecimal characters of the uppercase SHA-1 hash, the service returns every hash suffix it holds for that prefix together with the number of times each appeared in breaches, and you match the remaining 35 characters locally, so the full password hash never leaves your machine. Version 2 of the API, used in this chapter, does not require you to sign up or use an API key, but breach-by-account queries from the same IP address are limited to one every 1,500 milliseconds. Note that in the current version 3 of the API, the breach-by-account (email) endpoint requires an API key sent in the hibp-api-key request header; the password range endpoint remains usable without a key.
Warning
We demonstrate version 2 of the Have I Been Pwned API. ...
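The following is an added example, not code from the book, showing the password half of the audit as a POSIX shell script. It computes the SHA-1 hash locally, sends only the five-character prefix to the Pwned Passwords range endpoint (https://api.pwnedpasswords.com/range/{prefix}), and matches the 35-character suffix against the returned list. The function names (hibp_*) are my own, the script assumes curl and either sha1sum or shasum are installed, and it includes a constructed sample response so the parsing logic can be exercised offline. The email lookup is omitted here because the breached-account endpoint now requires an API key.

```shell
#!/bin/sh
# Added example: Have I Been Pwned password check via the k-anonymity range API.
# Not code from the book. Assumes curl and sha1sum (or shasum) are installed.

# Uppercase hex SHA-1 of the password in $1 (no trailing newline is hashed).
hibp_sha1_upper() {
  if command -v sha1sum >/dev/null 2>&1; then
    printf '%s' "$1" | sha1sum | awk '{ print toupper($1) }'
  else
    printf '%s' "$1" | shasum -a 1 | awk '{ print toupper($1) }'
  fi
}

# First 5 hex characters: the only part of the hash ever sent to HIBP.
hibp_prefix() { hibp_sha1_upper "$1" | cut -c1-5; }

# Remaining 35 hex characters: compared locally against the returned list.
hibp_suffix() { hibp_sha1_upper "$1" | cut -c6-40; }

# Parse a range response ("SUFFIX:COUNT" lines, CRLF terminated) and print the
# breach count for suffix $1, or 0 if the suffix is absent. Concatenating ""
# forces a string comparison so hex that happens to look numeric is not coerced.
hibp_match_count() {
  printf '%s\n' "$2" | tr -d '\r' |
    awk -F: -v s="$1" '($1 "") == (s "") { print $2; found = 1; exit }
                        END { if (!found) print 0 }'
}

# Live check: fetch the range for the prefix and match the suffix locally.
# Add-Padding makes the API pad the response so its size does not reveal how
# many suffixes share the prefix. Returns 2 on a network or HTTP error.
hibp_check_password() {
  hibp_hash=$(hibp_sha1_upper "$1")
  hibp_pre=$(printf '%s' "$hibp_hash" | cut -c1-5)
  hibp_suf=$(printf '%s' "$hibp_hash" | cut -c6-40)
  hibp_body=$(curl -sSf -A 'hibp-range-example' -H 'Add-Padding: true' \
    "https://api.pwnedpasswords.com/range/$hibp_pre") || return 2
  hibp_match_count "$hibp_suf" "$hibp_body"
}

# Constructed sample response for offline use. Suffixes and counts are made up,
# except that the third suffix is the real suffix of SHA-1("password"); its
# count is illustrative, not a live value.
SAMPLE_RANGE_RESPONSE=$(printf '%s\r\n' \
  '1D72CD07550416C216D8AD296BF5C0AE8E0:10' \
  '1E2AAA439972480CEC7F16C795BBB429372:2' \
  '1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493' \
  '1E5F1B8E4D6F6D84A9B1A44C3AA7D1F5C0B:1')

# Offline demonstration: the password "password" is found in the sample.
printf 'SHA-1 prefix sent to HIBP: %s\n' "$(hibp_prefix password)"
printf 'breach count in constructed sample: %s\n' \
  "$(hibp_match_count "$(hibp_suffix password)" "$SAMPLE_RANGE_RESPONSE")"
```

To audit a real password, call hibp_check_password with it as the argument; a non-zero count means the password has appeared in a breach and should be retired. Because the hash is uppercased before the prefix is cut, the suffix comparison is case-exact against the uppercase hex the service returns.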