Skip to content

General

← Customer feedback for Have I Been Pwned

I suggest you ...

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

112 results found

  1. Potrebbe essere un virus?

    https://www.youtube.com/watch?v=iKgH2CRPohc&feature=emb_logo

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    You have left! (?) (thinking…)
    0 comments  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

  2. Stop address reuse. Set up a btcpayserver for bitcoin donations instead

    I love your site. But for someone giving advice to not reuse passwords, its ironical that you have a static bitcoin address for donations. (FYI: I already donated, and I'll gladly do it again. This is just a tip)

    "Address reuse" in bitcoin is problematic as it ties together funds in a way that reduces privacy and security for all involved parties.

    Rather, each transaction should always be made to its own address. All modern wallets support this concept. Check out https://btcpayserver.org/ for a free, self-hosted, open source payment processor that is aligned with Bitcoin's (and your own) values of…

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    You have left! (?) (thinking…)
    0 comments  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

  3. Add metadata to describe how password is stored

    People should have awareness about proper security of websites

    Original title: List websites that do not hash passwords, but rather encrypt or store plain text such as einforma.com edpnet.be

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    You have left! (?) (thinking…)
    1 comment  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

  4. correct PW info ?

    I checked my new long & unique 13 character PW.. got the response of Not Pwned... but also: 'Oh NO this PW has been seen before in a breach'... so which is it?
    I made up 2 more long & unique PWs to test this and still got the same results. How can a previously non-existent just-made-up PW show in a breach !
    I truly appreciate the work your site does, but how can a PW be both safe and compromised at the same time !

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    You have left! (?) (thinking…)
    0 comments  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

  5. Support for more verification options on unicode domains

    I own an emoji unicode domain, https://⚪🐯.ws. While I can start the verification process, I'm not able to complete verification via email as every email is considered disallowed. DNS TXT verification results in "Catastrophic failure!" (500), as does meta tag validation. File upload results in "No response from domain".

    Interestingly, converting it to Punycode (https://xn--f8h8099n.ws) also doesn't work.

    Edit: Apologies, the TXT record method works when the domain is converted to unicode. I don't believe anything else does though!

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    You have left! (?) (thinking…)
    3 comments  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

  6. Add test emails with recent breaches.

    https://haveibeenpwned.com/API/v3 documentation lists test emails but they have old breaches.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    You have left! (?) (thinking…)
    0 comments  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

  7. I don't know how to 'search sensitive breaches'. I am subscribed. I'm talking about the option listed underneath search results

    So, 1- I got a notification from MyIDCare recently about a breach found Dec 16, 2023. Usually I get a 'pwned' notice as well, but this time I didn't. Just fyi.

    2- When I searched my email pwned gave me the results, and underneath there was an option to 'subscribe to search sensitive breaches'. I am subscribed. I looked around for a search breaches option, but I don't see anything. I assume this is a different function that the main 'search my email' function on the home page. Because you don't need to be subscribed to do that. I assumed…

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    You have left! (?) (thinking…)
    0 comments  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

  8. Add payment methods to allow payment by invoice / purchase order

    Some businesses do not allow purchase by card

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    You have left! (?) (thinking…)
    0 comments  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

  9. Ignore pastes over two years old

    Ignore pastes that are I suggest more than two years old if the email address hasn't been pwned in that time as it's highly unlikely to become pwned after that time. Leaving it in for a pwned account gives a clue to the source of becoming pwned

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    You have left! (?) (thinking…)
    0 comments  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

  10. Differentiate hashed and plaintext passwords in the data classes

    Split the "Passwords" data class into "Hashed Passwords" and "Plaintext Passwords", or simply add the new types. This would allow for different actions to be taken based on the breach data. I think the plaintext identifier would be more important as a flag, and it should be used to also signify easily resolved hashes. (Maybe Passwords is the current hashed/encrypted/plain, and Plaintext is when text has been recovered)

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    You have left! (?) (thinking…)
    3 comments  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

  11. CURL script for documentation

    The API call documentation is not clear. Can you guys just use CURL command line for documentation or Postman?

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    You have left! (?) (thinking…)
    0 comments  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

  12. Provide an OpenAPI specification

    When a user would like to leverage your API having it advertised in the OpenAPI format make it very easy to understand and leverage.

    There are tool in development which allow the automatic generation of a code based on this spec: https://github.com/OpenAPITools/openapi-generator

    An example of a spec can be seen at https://developer.shodan.io/api. It can be written in json or yml. Here is an example of it in json: https://developer.shodan.io/api/openapi.json

    It allows the creation of attractive interactive docs which can be used to execute the api directly.

    It can be edited and validated in a number of ways
    - online…

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    You have left! (?) (thinking…)
    0 comments  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
1 2 3 4 6 Next →
  • Don't see your idea?

General

Categories

Feedback and Knowledge Base

(thinking…)