[New FREE Plugin] Pwned Passwords - Check passwords against data breaches

Hi all,

Just letting you know that I’ve published my first plugin to the plugin store!

It’s free and super easy to implement in your Bubble projects. It enables you to protect the privacy of your users by ensuring that their passwords have not been compromised in a previous data breach. For example, you can easily modify your sign-up process to ensure that your user-entered passwords have not been breached before signing them up.

If you are collecting private information from your users, protecting this information is vital for both your business and customers.

Plugin page
Live demo page

Why use it?

Password reuse is very common, and exposed passwords are at much greater risk of being used to take over user accounts.

Even passwords that meet the usual password strength criteria can be common and exposed in many breaches. For instance, the word “P@ssw0rd” (containing upper case, lower case, number, symbol and 8 characters) has appeared in over 50,000 breaches! Many users use character-to-symbol substitution, which makes these strength criteria meaningless.

In 2017 the United States National Institute for Standards and Technology (NIST) recommended that user-provided passwords are checked against existing data breaches.

How does it work?

Passwords are checked against over half a billion passwords that have been exposed in previous data breaches via the Have I Been Pwned Passwords API. The source password is protected in transmission by only sending a partial hash of the password, using the k-Anonymity model.
Further information is available at: https://haveibeenpwned.com/API/v3#PwnedPasswords

I hope you enjoy it! Any feedback or questions, please don’t hesitate to PM me or post a message on this thread :grinning:

George

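The partial-hash lookup described under "How does it work?", as an added example that is not part of the original post and is not the plugin's code. It assumes the range-style lookup documented at the linked API page (send the first 5 hex characters of the SHA-1 hash, receive `SUFFIX:COUNT` lines); `makeStubService` and its counts are constructed stand-ins for the live service so the block runs offline.

```javascript
const { createHash } = require("node:crypto");

// SHA-1 of the password as 40 uppercase hex characters.
function sha1Hex(password) {
  return createHash("sha1").update(password, "utf8").digest("hex").toUpperCase();
}

// Only `prefix` (5 hex chars) is ever sent; `suffix` (35 chars) stays on the client.
function splitHash(password) {
  const hash = sha1Hex(password);
  return { prefix: hash.slice(0, 5), suffix: hash.slice(5) };
}

// Parse a range response body: one "SUFFIX:COUNT" entry per line, CRLF separated.
// Malformed lines are skipped rather than trusted.
function parseRangeResponse(body) {
  const counts = new Map();
  for (const line of body.split(/\r?\n/)) {
    const [suffix, count] = line.trim().split(":");
    if (/^[0-9A-F]{35}$/i.test(suffix || "") && /^\d+$/.test(count || "")) {
      counts.set(suffix.toUpperCase(), Number(count));
    }
  }
  return counts;
}

// fetchRange(prefix) returns the response body for that prefix.
// Result is the number of times the password was seen; 0 means not found.
// Padding-style entries (count 0) are therefore treated as "not found" too.
function pwnedCount(password, fetchRange) {
  const { prefix, suffix } = splitHash(password);
  return parseRangeResponse(fetchRange(prefix)).get(suffix) || 0;
}

// Constructed stand-in for the service: records what the client sent to it.
function makeStubService(breachedPasswords) {
  const requests = [];
  const fetchRange = (prefix) => {
    requests.push(prefix);
    const lines = ["0".repeat(35) + ":0"]; // constructed padding-style entry
    breachedPasswords.forEach((pw, i) => {
      const h = splitHash(pw);
      if (h.prefix === prefix) lines.push(`${h.suffix}:${i + 7}`); // constructed counts
    });
    return lines.join("\r\n");
  };
  return { fetchRange, requests };
}

const stub = makeStubService(["P@ssw0rd", "letmein"]);
console.log(pwnedCount("P@ssw0rd", stub.fetchRange), stub.requests);
```

In a sign-up flow, a non-zero result is the signal to reject the password and ask for a different one; `stub.requests` shows that the service only ever sees the 5-character prefix.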