My Password Was Pwned 13 Times

Views: 67,526

John Hammond

Day ago

j-h.io/passbolt || Use a password manager to keep all your credentials secure -- my code JOHN-HAMMOND will save 20% off!! j-h.io/passbolt
00:00 - Have I Been Pwned?
01:14 - E-mail lookup
04:58 - Breaches
07:03 - Password Search
11:04 - API
14:07 - Cracking a hash
16:21 - Wrapping up
🔥 KZfaq ALGORITHM ➡ Like, Comment, & Subscribe!
🙏 SUPPORT THE CHANNEL ➡ jh.live/patreon
🤝 SPONSOR THE CHANNEL ➡ jh.live/sponsor
🌎 FOLLOW ME EVERYWHERE ➡ jh.live/discord ↔ jh.live/twitter ↔ jh.live/linkedin ↔ jh.live/instagram ↔ jh.live/tiktok
💥 SEND ME MALWARE ➡ jh.live/malware

Comments: 130
@apurvaaryan7984 a year ago
Imagine if you visited the malicious version of have i been pawned?
@TheOneHong a year ago
Bruh😂
@_AN203 a year ago
Then surely you have been pawned... 😂😂😂
@melvinkwan1780 a year ago
have the same thought initially😂
@tajsec498 a year ago
then they would say, you have been pawned but in order to delete your email from pawned list enter your password :))))
@demijohn4730 a year ago
Link?
@KyuVulpes a year ago
I find it funny that every time I check that site, it says that I've never been pwned. Which is good but also kind of terrifies me, guess I have good security.
@sharmarahul384 a year ago
I have learned so much from you, from each of your videos. Thank you!!
@MrWhiskey1 a year ago
I remember way back in the day, I'm almost positive it was HIBP, that you would type the username or email and it would just tell you all the passwords that were leaked. What an interesting time that was as a kid.
@AidanGeeMedia a year ago
Yeah it 100% used to do that lol, I think they only changed it in the last couple of years too!
@xeverhack a year ago
super great content as always, thank you so much 👍
@LuminousWatcher a year ago
Actually it only sends part of the hash and returns all the hashes that match that part, then the JavaScript on your machine checks all the downloaded hashes for matches. The complete hash of your password doesn't leave your browser (when I checked haveIbeenpwned at least)
@BryanLu0 a year ago
He talks about that in the later part of the video
@LuminousWatcher a year ago
@BryanLu0 Correct. I got to that part about when I submitted the comment
@CharlieG111 a year ago
You are the best inspiration for me, bro. 🎉 Thanks.
@some1and297 a year ago
11:38 the line "hack on the code" made me laugh a little bit
@DavidAlvesWeb a year ago
Great content as always John! Do you recommend using a local or cloud-based password manager?
@bibauer6933 a year ago
@helpline395 I can recommend 1Password. Look through their algorithm and ways to store information! You will be surprised. :-)
@bibauer6933 a year ago
@helpline395 I reported you btw. :)
@dantronics1682 a year ago
Who owns the cloud? I assume you own your local computer
@voidvenom7452 a year ago
As far as ease of use goes, cloud is the way to go. Before selecting a manager, do some research - check if they've been breached. LastPass is the butt of all password manager jokes right now, because they're breached very frequently. As for any uneasiness you might feel about a cloud based manager, 1Password (my choice) uses a secret key that only you possess - not even they have a copy - along with your master password to encrypt your data. Which means you're in control. TL;DR; don't take the advice of some person on the internet, do your own research, and find the manager that you feel most comfortable using.
@Rebouz a year ago
A lot of computer scientists will say password managers are great because from there you can use really opaque passwords without remembering them. I just googled and it appears about 15 of the biggest password managers have *some* security vulnerability in it that's been confirmed by experts. I'm generally not a fan because it results in single point of failure which in my eyes is bad design, but I'm not an expert in that specific field. Would love to have John do a video on that, it could give me a clear answer to whether I can confidently recommend password managers.
@gitit20x2 a year ago
Why I always use a 2-factor Authentication... Great vids man...
@darkdevil2464 a year ago
Your content contains quality education and full information, which they don't teach at f****** colleges and schools. I found your channel during the pandemic situation in 2021. Every video of yours is great.
@yashgoldsmith9810 a year ago
Great video. Can you please enlighten us on the same way for exposed credential, impersonating domain, unauthorised code commit, expired certificate?
@utensilapparatus8692 a year ago
Thanks for the infos
@TessaBain a year ago
I both have and never have. Thus far every account that has been snatched was a throwaway with a password like "opensesame" because I knew I was likely to never return, save one. That other one simply being my work email address, not a password or anything else. Some asshole who left decided to leak the emails attached to the NDA list which to non-Admins only contained a list with a pseudonym, primary email address, position within the company, and date signed. Not exactly useful information that was leaked in that non-throwaway case, in other words. Oddly it hasn't even resulted in any spam in the many years since despite being in multiple pastes.
@HarvestHaven09 a year ago
Welcome back 🔙
@nightfury20101 a year ago
I have been pwned 18 times and 1 of them is a Club Penguin remake
@00Klingon 10 months ago
Haveibeenpwned is also an interesting source of information about someone. You can find out what sort of accounts a person has just by their e-mail address, and things like political leanings and hobbies can be gleaned this way. Most people have no clue.
@mrMamaboy17 a year ago
This might seem like a stupid question but is salting just never implemented before hashing the passwords?
@laurenlewis4189 a year ago
Imagine having your password hacked in 2021 only to then be personally called out 2 years later in a YouTube video by a security researcher. Christ, Julian, get your life together.
@Finbar_Monroe 6 months ago
when you go on the site, it only gives email format and NOT phone number. How?
@powellpker a year ago
Even bcrypt now is crackable quite easily up to 30-35% 10-13 rounds. 8 rounds and lower are very easily crackable today with -a9 attack. Now 4090s are being used this probably has a greater found rate.
@philipkerr6072 a year ago
Thanks
@Neuer_Alias_erstellen a year ago
Do you need an FQDN for Passbolt?
@chrisbishop6928 a year ago
No entry for Nikon or Phreak? :)
@northdemy a year ago
Can I use the API integrates on my WordPress website??
@PassionataDance a year ago
Hardware keys are the way forward.
@FalcoGer a year ago
people shouldn't even be allowed to use password as their password.
@alexthemtaandr211weatherfa2 a year ago
Does his PC have the automatic not a robot feature
@jimo8486 a year ago
have u ever thought of 'have i been pwned' do u think they are using that data to hack others?
@librasulus a year ago
Does anyone know of a password manager that offers password expiration reminder? Or at least you can order your passwords by expiration date? KeePass somewhat offers something like that, but it is not very user friendly.
@almostsomeone9159 a year ago
Used Norton Password Manager before, they actually are pretty good and offer this and many more in the security dashboard. I still switched to Bitwarden just because it is open source but Norton is definitely a good option for passwords.
@rygull a year ago
BitWarden #1 and KeePass #2. There is no #3.
@nordgaren2358 a year ago
PassBolt isn't bad, actually. It's pretty nice. I use BitWarden for personal stuff and PassBolt for work. I have never used KeePass, though.
@nordgaren2358 a year ago
I think the worst thing about KeePass, LastPass and PassBolt is their names. 😆 Except LastPass. The worst thing about LastPass is how they lied about their "Zero Knowledge Architecture"
@TessaBain a year ago
Number one is your own memory and there is no other option.
@nordgaren2358 a year ago
@TessaBain No. You won't be able to store a password nearly as strong as a password manager can, in your head. If you keep using regular worded passwords, that means you are at risk of having it cracked. The passwords PW managers generate are almost impossible, if not impossible. Especially if you generate 128 random characters. The only people who have had their actual passwords stolen in the LastPass breach are people with weak master passwords, unless LastPass lied about how their password vaults are encrypted, but I doubt it as it's standard procedure to encrypt the password vaults on the client computer before uploading to the cloud.
@thatonefoxxy a year ago
I got pwned once, but on old information. it was zap-hosting.....
@sammyfromsydney a year ago
Use a password manager? Like Lastpass? NO THANKS. Use an OFFLINE password manager.
@nordgaren2358 a year ago
It doesn't matter if it's offline or online. No passwords were on their server in plain text. You still need the master password to open the password vaults, and if you don't have a strong master password, no password manager will save you.
@diffdimgamerseven9986 a year ago
On every Gmail account I was pwned only once each for some reason
@every-thing-short a year ago
13 times 😮😮
@lozwindwakerfan4076 a year ago
Fun Fact: According to have-I-been-pwned, the password 123456 has been pwned 37.509.543 times
@vaisakhkm783 a year ago
🤣🤣 I also tested that same number first time I have been using it for years, but never used their password field
@lozwindwakerfan4076 a year ago
@vaisakhkm783 😂
@zoes17 a year ago
Wow, that's the same combination on my luggage...
@Cubethe1st a year ago
Did Sublime really open that file :) or choked Sublime
@Max-bp6nz a year ago
For that kid who is sending replies to send a WhatsApp, we are seeing a video on malicious advice and they still do it (probably a bot ngl)
@nordgaren2358 a year ago
It's definitely a bot. 😂
@CharlieG111 a year ago
First like Mr.John
@guilherme5094 a year ago
👍
@DaxyGamer a year ago
you do realise that you can use lister by ghisler to open any enormous file in a matter of milliseconds?
@tauseedzaman a year ago
you know what i mean
@yudishbeeharry8849 a year ago
For what reason did he add FA271 before the hash ?
@nordgaren2358 a year ago
Your input to the API is the first 5 digits of the hash, and the API returns the rest of all the hashes that start with those 5 digits, so you have to add the 5 digits back in to the hash for the complete thing.
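The range lookup described in the two comments above (send only the first 5 characters of the hash, get back the remainders, match locally, re-attach the prefix), as an added example that is not part of the original thread or the video. The `SUFFIX:COUNT` response layout and the uppercase SHA-1 digest are what the Pwned Passwords range endpoint uses; `fake_fetch`, `BREACHED` and the counts are constructed stand-ins so the block runs offline.

```python
import hashlib

PREFIX_LEN = 5  # hex characters of the SHA-1 digest that are sent to the service


def split_hash(password: str) -> tuple[str, str]:
    """Return (prefix, suffix) of the uppercase SHA-1 hex digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:PREFIX_LEN], digest[PREFIX_LEN:]


def parse_range_body(body: str) -> dict[str, int]:
    """Parse 'SUFFIX:COUNT' lines, skipping blank or malformed ones."""
    found = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and len(suffix) == 40 - PREFIX_LEN and count.isdigit():
            found[suffix.upper()] = int(count)
    return found


def pwned_count(password: str, fetch_range) -> int:
    """Look up a password; only the 5-character prefix is passed to fetch_range."""
    prefix, suffix = split_hash(password)
    return parse_range_body(fetch_range(prefix)).get(suffix, 0)


def full_hashes(prefix: str, body: str) -> list[str]:
    """Put the prefix back in front of each returned suffix."""
    return [prefix + suffix for suffix in parse_range_body(body)]


# Constructed stand-in for the service (hypothetical data, made-up counts).
BREACHED = {hashlib.sha1(p.encode()).hexdigest().upper(): n
            for p, n in [("password", 12345), ("123456", 999)]}
seen_by_server = []  # everything the "server" ever receives


def fake_fetch(prefix: str) -> str:
    seen_by_server.append(prefix)
    return "\r\n".join(f"{h[PREFIX_LEN:]}:{n}"
                       for h, n in BREACHED.items() if h.startswith(prefix))


if __name__ == "__main__":
    print(pwned_count("password", fake_fetch))                  # in the sample set
    print(pwned_count("a-long-unique-passphrase", fake_fetch))  # not in it
    print(seen_by_server)                                       # prefixes only
```

A real caller would pass a `fetch_range` that performs the HTTPS request; the matching logic stays on the client either way.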
@Al-kurdi_Al-islam a year ago
I haven't been pwned :>
@Mohamed23471 a year ago
Guys, anyone here test Linux on Alienware, Dell XPS? Which one is better
@mub1n a year ago
I got pwned somehow ?????????????
@ohrayoe3858 a year ago
What do you do if your IP address was leaked?
@takipsizad a year ago
It's likely a dynamic IP: restart the router. Static IP: good question.
@jjjannes a year ago
@takipsizad If you have a static IP, you likely want your IP to be public, and if not it's kinda irrelevant to leak IPs.
@takipsizad a year ago
@jjjannes yeah
@randykitchleburger2780 a year ago
Make sure your firewall rules are good 👍
@ohrayoe3858 a year ago
@randykitchleburger2780 good in what ways?
@DayzGone a year ago
You took the hash and found a password. Is that possible on a rar zip file? I forgot the password to one of my archives
@1stAshaMan a year ago
Tools exist for breaking into those. Just look around a bit.
@DayzGone a year ago
@1stAshaMan I have. The only thing I can find is brute force password crackers
@randykitchleburger2780 a year ago
Yes, hashcat can help you crack it once extracted
@nordgaren2358 a year ago
@DayzGone That's what John did in the video, he brute forced it with an online tool.
@serpantinthewild a year ago
7z file with AES 256bit encryption is stronger than rar or zips
@Stopinvadingmyhardware a year ago
Nope, I am pretty sure it's Apple at this point.
@KwiatekMiki a year ago
My Password Was Pwned 340 Times!!!
@myname-mz3lo a year ago
Didn't LastPass get hacked? How do I know what password manager to trust?
@1stAshaMan a year ago
If it's cloud based just assume it's not safe to use.
@librasulus a year ago
@1stAshaMan Technically you are correct but you have to compromise in our age. Local password managers are impractical / useless when you have 2-3 different devices.
@nordgaren2358 a year ago
@1stAshaMan That's not true. LastPass wasn't safe because they didn't encrypt metadata. That didn't cause vaults to be opened, though. People's passwords are mostly safe, except for those who have a weak master password. It had nothing to do with them being on the cloud.
@mthia 9 months ago
I just created my own password manager
@thenormalminecrafter2720 a year ago
1000th like
@classiquai a year ago
enough of this cyber bs Ed Sheeran, when is your next song coming?
@stefan3816 a year ago
9:22 was an awful sound and so loud, hence the dislike
@stefan3816 a year ago
Other than that, I love your content
@1stAshaMan a year ago
I'm going to assume the record-scratch sound was worse on either mobile or in headphones. It sounded pretty normal on pc speaker.
@rapturas a year ago
Oh look, it's 2013 again 🙄 Unsubscribing!
@kiyu3229 a year ago
Wtf
@UNcommonSenseAUS a year ago
Imagine if Have I Been Pwned was owned by a bad actor, or your CPU, GPU, SoCs, router was pre-backdoored by some bad actor located next to a country that rhymes with gallestein. Everything you own is hardware backdoored. The war is already lost.
@akanshagoyal8594 5 months ago
आइओ🧌🧟🧌🧟🧟😀