General

  1. Alert when a new version of the file is uploaded

    I would like to receive an alert when a new version of the file is uploaded

    2 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  2. Provide option to delete email addresses after unsubscribing from notifications

    When unsubscribing from the notification service, the email addresses are still stored in the database. When you're going to re-subscribe, the email tells you that you already verififed the email address.

    To comply with data minimization, an option should be given for record should be completely deleted when unsubscribing.

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  3. Add metadata to describe how password is stored

    People should have awareness about proper security of websites

    Original title: List websites that do not hash passwords, but rather encrypt or store plain text such as einforma.com edpnet.be

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  4. Opt-in again after opting-out

    I know that these suggestions have appeared many, many, many times.

    While it is currently possible to change your mind to another of the three points after you opt-out, it would be more useful and right to add the option to opt-in back. At least for new breaches.

    One of the reasons is that 1Password Watchtower simply stops working for email searches.

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  5. correct PW info ?

    I checked my new long & unique 13 character PW.. got the response of Not Pwned... but also: 'Oh NO this PW has been seen before in a breach'... so which is it?
    I made up 2 more long & unique PWs to test this and still got the same results. How can a previously non-existent just-made-up PW show in a breach !
    I truly appreciate the work your site does, but how can a PW be both safe and compromised at the same time !

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  6. Stop address reuse. Set up a btcpayserver for bitcoin donations instead

    I love your site. But for someone giving advice to not reuse passwords, its ironical that you have a static bitcoin address for donations. (FYI: I already donated, and I'll gladly do it again. This is just a tip)

    "Address reuse" in bitcoin is problematic as it ties together funds in a way that reduces privacy and security for all involved parties.

    Rather, each transaction should always be made to its own address. All modern wallets support this concept. Check out https://btcpayserver.org/ for a free, self-hosted, open source payment processor that is aligned with Bitcoin's (and your own) values of…

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  7. Make a section on what to do if you have been pawned.

    So, Iv'e been pawned? What's next? What do I need to do? How can I fix this issue or protect myself from this happening again? You talk about being pawned but I don't see anything in simple English on the next steps besides using your password generator which I have been using for years but still got pawned.

    15 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  8. Sort breaches by date

    This is mostly useful for those of us who like to check for new leaks involving our email addresses every few months. Currently one has to read through the whole list of results since they're in a seemingly arbitrary order, including those one has already changed the relevant passwords for.

    19 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  9. show an example of the phone number layout for Facebook data search

    Like does it include dashes? spaces?
    example: +1 954-123-4567 or +19541234567?

    5 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  10. Add an Ethereum / Bitcoin SV / credit card / other for donations

    Add an Ethereum address for donations and convert all existing Bitcoin donations to renBTC (there's more Bitcoin in the Ethereum network than on the lightning network) via bridge.renproject.io and exchange renBTC for Ethereum via 1inch.eth.link (1inch exchange).

    7 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  11. Badges!

    Would be amusing to have an hibp breach count badge next to peoples usernames on blogs/etc. alongside their twitter badge, SO scores, etc.. Might help to raise awareness of hibp.

    54 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  12. Add the ability for a domain owner to view and unsubscribe any currently setup domain subscription

    A domain subscription checker (done with similar verification to the domain verification links) would enable the domain owner to check only current employees have have access to the information, and to revoke any incorrectly or outdated subscriptions on the domain without having to have access to each destination mailbox

    From personal mistake:
    I've subscribed for domain alerts, copied the verification token and authorised before it took me back to a screen that showed I'd mis-spelt the notification email address hostname! That means someone else now is approved to see full domain level summary.

    As the notification email address is different…

    7 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  13. 7 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  14. Full email service for companies to help CISOs

    Hello,

    I'm using Have I been Pwned to find out unsealed email accounts and passwords for our company domain and I'm very pleased about this service.

    But to make life easier I suggest the following service:
    1) I sign in at Have I Been Pwned.
    2) I type in and confirm all domains of my company
    3) I define a text to inform my users about a possible problem, that their passwords are maybe lost.
    4) I accept the actual status of unsealed account information as the base line
    5) If new breaches of user accounts will occur Have I…

    7 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  15. API access: Recurring yearly payment

    This would help us alot as a company. Doing monthly bill mapping with a corporate creditcard is not working for us :-)

    369 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    42 comments  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  16. List registered email addresses for domain notification

    Can we please have an notification sent to advise which email addresses have been subscribed to domain notifications over time and an option to remove email addresses from domain notifications.

    5 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  17. Prevent the pwned passwords page from mirroring hashes to Azure App Insights

    Currently when I submit a password to HIBP it sends two requests. One to https://api.pwnedpasswords.com/range/<hash> and another to https://dc.services.visualstudio.com/v2/track with a copy of the hash:
    [
    {
    "data": {
    "baseData": {
    "data": "GET https://api.pwnedpasswords.com/range/<hash>",
    "duration": "00:00:00.100",
    "id": "|<id>.<id>",
    "name": "GET /range/<hash>",
    "resultCode": "200",
    "success": true,
    "target": "api.pwnedpasswords.com",
    "type": "Ajax",
    "ver": 2
    },
    "baseType": "RemoteDependencyData"
    },
    "iKey": "<id>",
    "name": "Microsoft.ApplicationInsights.<id>.RemoteDependency",
    "tags": {
    "ai.device.id": "browser",
    "ai.device.type": "Browser",
    "ai.internal.sdkVersion": "javascript:1.0.21",
    "ai.operation.id": "HdzCf",
    "ai.operation.name": "/Passwords",
    "ai.session.id": "<id>",
    "ai.user.id": "<id>"
    },
    "time": "2021-06-10T04:27:35.000Z"
    }
    ]

    Is it really necessary to send hashes to this many parties?

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  18. Split up breach listing page

    This page:
    https://haveibeenpwned.com/PwnedWebsites#Facebook
    Is surprisingly difficult to browse on mobile, because it's so very long.
    The anchor link doesn't seem to always take you to the right section, because of the page length, at least on mobile. On desktop, it works fine though.

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  19. Show me an example of the response that is received when a phone number is sent to the breachedaccounts api endpoint

    I am working on an application - I am unable to find a number that was in a breach. Can you please provide me an example response when a phone number is queried to the breachedaccounts api. I just need to look at the structure and the keys

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  20. "Leak date" column in spreadsheet

    It would be better if the spreadsheet with the leak records had a "leak date" column.

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
← Previous 1 3 4 5
  • Don't see your idea?

General

Categories

Feedback and Knowledge Base