Passwords are the most common way to protect our accounts. That's why we should use strong, unique passwords for every account on the Internet. But since we have too many accounts on different websites and platforms, simply remembering them is unrealistic. To do this, many of us use a password manager to keep track of them all. HaveIBeenPwned.com (HIBP) and Google Chrome's password manager are among the most popular tools. The first also allows us to see if our accounts have been hacked.
HIBP creator Troy Hunt recently announced two major updates to the service. More interestingly, they struck a partnership with the FBI. This means that the latter will provide data on service disruptions, increasing the amount of data available to anyone on the network for inspection.
In addition, HIBP now allows us to check whether our Facebook accounts were included in a data breach that collected personal information from over 533 million accounts a few years ago. If you remember, the database became widely available a few months ago.
HIBP made two updates
A couple of days ago, Hunt announced that HIBP is open source using the .NET Foundation. For those who still don't understand what this means, this will allow more people to use similar services in the future:
So, I can, as the saying goes, "lift and translate" proprietary passwords to open source land pretty straight forward. This is great because, as I said before, it's now an important part of many online services, and this move ensures that everyone can run their own instance of Pwned Passwords if they so choose. I hope this encourages wider adoption of the service, both through the transparency that opening up the codebase brings, and the confidence that people can always "roll their own" if they want to. Maybe they don't want an API placement dependency, maybe they just want a fallback position in case I ever meet an early death in a jet ski accident. It gives people a choice.
As for the second big change, as mentioned above, they are working with the FBI. It regularly investigates hacks and data breaches. Thus, the FBI keeps track of compromised accounts.
The FBI approached us and we started a discussion about what that might look like, how to give them the ability to submit compromised passwords to HIBP and surface them with the Pwned Passwords feature. Their goal here is perfectly aligned with mine and, I dare say, the goals of most people reading this: to protect people from account takeovers by alerting them when their password is compromised. Submitting these passwords to HIBP allows the FBI to do this nearly 1 billion times each month. This is good support 
[So]
