With the recent release of Have I been pwned version 2.0 I’ve seen a lot of articles talking about using the tools to check and see if that oh so clever password you came up with is actually so unique or if it has appeared in a data breach before. There’s also been some talk of various tools that might check that for you, perhaps having it built into password managers like 1Password, for example.
Last night I also noticed another useful place where a plugin is checking the account password you use to log in to a WordPress install, and forcing a password reset if it’s found in the breached data. (Yes, I found this out when it forced a reset on one of my blogs, but I’m cool with that. Happy to have help staying safe! Obviously what I thought was a random password was found elsewhere!)
Anyway, the plugin in question is a security plugin called Wordfence. In the changelog for their Mar. 1 update, there’s this little nugget:
Improvement: Added a new feature to prevent attackers from successfully logging in to admin accounts whose passwords have been in data breaches.
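To make the idea concrete, here is a sketch of a login-time breached-password check, added as an example and not Wordfence's code. It assumes a lookup by the first five characters of the password's SHA-1 hash that returns SUFFIX:COUNT lines (the shape of the Pwned Passwords range API); the function names, the reset policy and the sample data are constructed for illustration.

```python
import hashlib

def split_hash(password):
    """SHA-1 the password; only the 5-char prefix is ever sent to the lookup."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def parse_range(body):
    """Parse 'SUFFIX:COUNT' lines into {suffix: count}, skipping malformed lines."""
    counts = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and len(suffix) == 35 and count.isdigit():
            counts[suffix.upper()] = int(count)
    return counts

def breach_count(password, fetch_range):
    """fetch_range(prefix) returns the response text; result is times seen."""
    prefix, suffix = split_hash(password)
    return parse_range(fetch_range(prefix)).get(suffix, 0)

def login_decision(credentials_valid, is_admin, password, fetch_range):
    """Hypothetical policy: a valid admin login with a breached password must reset."""
    if not credentials_valid:
        return "deny"
    if not is_admin:
        return "allow"
    try:
        seen = breach_count(password, fetch_range)
    except OSError:
        # Assumption: a lookup outage should not lock admins out (fail open).
        return "allow"
    return "force_reset" if seen > 0 else "allow"

def fake_fetch_range(prefix):
    """Constructed stand-in for the remote lookup, so the example runs offline."""
    rows = ["0" * 35 + ":3", "not a valid line"]  # unrelated and malformed rows
    # Constructed counts; a count of 0 models a padding row that is not a hit.
    for sample, count in (("P@ssw0rd", 51259), ("padding-entry", 0)):
        sample_prefix, sample_suffix = split_hash(sample)
        if sample_prefix == prefix:
            rows.append(f"{sample_suffix}:{count}")
    return "\r\n".join(rows)

if __name__ == "__main__":
    for pw in ("P@ssw0rd", "padding-entry", "never-seen-passphrase"):
        print(pw, "->", login_decision(True, True, pw, fake_fetch_range))
```

The check runs only after the password has already been verified, so a failed login never triggers a lookup, and the full hash never leaves the server.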