When you choose a LivePlan password, we check against Have I Been Pwned (HIBP), a popular database of passwords known to have been exposed in data breaches by other companies. As part of our commitment to keeping your account secure, we do not allow the use of these passwords since it is easy for bad actors to use compromised passwords in impersonation attacks.
In this article:
- Why we use this resource for password checks
- How we protect your privacy in the process
- Tips for creating a strong password
- If your password is flagged
Why we use this resource for password checks
Have I Been Pwned (HIBP) is a trusted, comprehensive database of breach data that helps users and services worldwide stay aware of compromised credentials. By checking your password against this database, we aim to:
- Prevent Unauthorized Access: A password known to attackers is more susceptible to being used in unauthorized login attempts. We want to ensure your chosen password isn't among those.
- Encourage Strong Security Practices: Highlighting the importance of unique, strong passwords helps us all build a safer internet.
- Maintain Transparency: We believe in keeping our security measures transparent, showcasing our dedication to your privacy and security.
How we protect your privacy in the process
- Hashed and Partial Data: When we check your password with HIBP, we only send the first five characters of its SHA-1 hash. This partial data cannot be used to reconstruct or guess your password. Hashing is a one-way process that converts your password into a unique string of characters, making it unreadable without the original input.
- Secure Transmission: Any data sent to HIBP for checking is transmitted securely, ensuring your privacy is maintained throughout the process.
- No Password Storage: We do not store your password or the hash used to check with HIBP.
Tips for creating a strong password
A strong password is your first defense against unauthorized access. By following our recommended guidelines, you can significantly enhance the security of your account.
- Mix letters, numbers, and symbols.
- Avoid common phrases and predictable sequences.
- Use a password manager to generate and store complex passwords.
- Opt for passwords with at least 12 characters.
- Ensure each password is unique to each account.
If your password is flagged
When you sign in to your LivePlan account or change your password, you may receive a message indicating that your password has been compromised in a known data breach:
Selecting a new password using the tips provided above can help improve your account's security. Moving forward, a service like Have I Been Pwned can help monitor your email address for potential breaches, providing you with alerts if your information is found in a database of compromised accounts.
Your security is our priority. Seeing a warning about a password can be concerning, but it's a step towards ensuring the integrity of your account. In collaborating with services like HIBP and adhering to strict privacy protocols, we strive to offer a secure, transparent user experience.