I wanted to know if the password check feature, which checks each password (in the free version), and the vault report (exposed password report for paid users) only check the password or also check the username+password combination. As an example, the Google password check feature checks for the combination.
It most likely sends the beginning of the hash to check if it matches anything in a leak. If it does, the server sends back all matching hashes, enabling the client to do a local lookup.
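The lookup described above, sketched as an added example (not from this thread or from any product's code). SHA-1, the 5-character hex prefix, and the in-memory leak list are assumptions constructed for illustration; in this sketch the username is never an input.

```python
import hashlib

PREFIX_LEN = 5  # assumption: number of hex characters of the hash sent to the server

# Constructed sample data standing in for the server's leak database.
LEAKED = ["password", "123456", "letmein", "qwerty"]

SEEN_BY_SERVER = []  # everything the server learns about client queries


def sha1_hex(password):
    """Hash the password; SHA-1 is an assumption of this sketch."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_index(passwords):
    """Server side: bucket leaked hashes by their prefix."""
    index = {}
    for pw in passwords:
        h = sha1_hex(pw)
        index.setdefault(h[:PREFIX_LEN], set()).add(h[PREFIX_LEN:])
    return index


def server_range_query(index, prefix):
    """Server side: sees only the prefix, returns every suffix in that bucket."""
    SEEN_BY_SERVER.append(prefix)
    return sorted(index.get(prefix, set()))


def client_check(index, password):
    """Client side: send the prefix, then compare the suffix locally."""
    h = sha1_hex(password)
    prefix, suffix = h[:PREFIX_LEN], h[PREFIX_LEN:]
    candidates = server_range_query(index, prefix)
    # The full hash never leaves the client; the match is decided here.
    return suffix in candidates


INDEX = build_index(LEAKED)

if __name__ == "__main__":
    for pw in ["password", "correct horse battery staple"]:
        print(pw, "->", "found in leak" if client_check(INDEX, pw) else "not found")
    print("server saw only:", SEEN_BY_SERVER)
```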
Thanks
I read about k-anonymity and how it only sends a hash.
But if it gets a positive hit (i.e., the password was identified as having been compromised in a breach) does it flag it as such without checking the username? Logically, if the username was not identified in the breach, then the risk is low since the actual username associated with the particular compromised password could be different.