Mozilla to embed Have I Been Pwned in new security system
Mozilla has just unveiled an exciting new upgrade set to debut in future versions of Firefox: a security tool driven by Troy Hunt’s “Have I Been Pwned” (HIBP) database. The overhaul is not unprecedented – back in November 2017, the company announced it would inform users when their accounts had been breached by using the accessible breach API on HIPB.
However, this meant users were only notified as and when they visited a breached site. Until now. Mozilla’s new system will fully integrate Hunt’s lauded HIBP tool into an entirely new site, the ominously named but well-intentioned Firefox Monitor.
The new secondary website will permit users to enter an email address into the database, in order to glean not just whether or not their account was part of a data breach, but if so, to what extent. What’s more, users will be offered tailored security recommendations in order to help them shore up their account security.
As a cautionary measure, the tool is being extended to around 250,000 primarily US users, although will no doubt face expansion if well-received. It’s a work-in-progress as of yet, and Mozilla is collaborating with HIBP and Cloudflare in order to conceive a method anonymous data sharing in a bid to ensure ethical data handling and respect of users’ privacy.
For his part, Hunt seems enthusiastic. In a blog post entitled “We’re Baking Have I Been Pwned into Firefox and IPassword”, he gushed: “This is major because Firefox has an install base of hundreds of millions of people which significantly expands the audience that can be reached once this feature rolls out to the mainstream.”
Meanwhile, Mozilla stressed the necessity of such a tool: “From shopping to social media, the average online user will have hundreds of accounts requiring passwords,” company spokesperson Peter Dolanjski asserted in a blog post. “At the same time, the number of user data breaches occurring each year continues to rise dramatically […] We decided to address a growing need for account security by developing Firefox Monitor”.
Worried about your increasingly unwieldy portfolio of online accounts? You’re certainly not alone. If you can’t wait to find out if your passwords are safe, you could just visit the site without Firefox, of course.