Skip to content

Antonios Chariton

← Customer feedback for Have I Been Pwned

My feedback

4 results found

  1. Allow a family member to accept sending notification to someone else.

    95 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    You have left! (?) (thinking…)
    6 comments  ·  General  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    An error occurred while saving the comment
    Antonios Chariton commented  · 

    I think in order to implement that, all sensitive reports would have to be left out, plus the original victim should also get an e-mail with a clearly visible red banner in the top "This e-mail has also been sent to Troy <troy@hunt.com>."

    Antonios Chariton supported this idea  · 

  2. Enable search and notifications for email addresses using the "+" syntax

    2,571 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    You have left! (?) (thinking…)
    113 comments  ·  General  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    An error occurred while saving the comment
    Antonios Chariton commented  · 

    From your blogs I think you are using a Key, Value data structure, which means when a query comes, your data store needs an exact *key* to find the value (if it has been breached or not). That's probably the best data structure for HIBP since it can scale infinitely, however it will not allow you to query troy+*@hunt.com.. I guess the only way to address that is to either canonicalize the data as you add it, by removing everything after "+" (or ".", or "-"), which means this will only work with new data sets, or change the table schema / contents of "Value", which is very unlikely to happen.. Another solution would be to create a new "table" with all e-mails with "+", ".", or "-", and then query both when someone requests information, only that this time you format the "Value" of those "Keys" accordingly.. Although it may seem like a lot of work, the earlier it is done, the better it will be as it will include more datasets..

  3. Allow root domain to verify subdomains

    136 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    You have left! (?) (thinking…)
    8 comments  ·  General  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    Antonios Chariton supported this idea  · 

  4. Have a page with mitigation directions for the technically challenged.

    10 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    You have left! (?) (thinking…)
    3 comments  ·  General  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    An error occurred while saving the comment
    Antonios Chariton commented  · 

    Typically, when an account is breached, it is recommended to change your password there immediately, if not done already by the provider, and then change your password to every service in which you used the same one.

    In general, a safe practice is to have a different password in every website, that is difficult to predict if one is compromised. For example, while "apq3984!#$dDF-adobe" is a good password in general, if an attacker can read it in the clear, then they will try "apq3984!#$dDF-ebay" on your eBay account, etc. Since managing so many passwords is not easy, it is recommended to use a Password Manager, like 1Password.

Feedback and Knowledge Base

(thinking…)