Have I Been Pwned – Is my password secure?

How secure is my password? Has my password ever been hacked? Is my data secure? Everyone has certainly asked themselves these or similar questions at some point. Cybercrime is increasing noticeably year by year. It is therefore advisable to choose a password that is as secure as possible.

But how do I know how secure my chosen password actually is?

To further increase the data and password security of our users, from now on a query is sent to the "Have I Been Pwned" web service every time you attempt to change your password via www.tu-braunschweig.de/it/passwort-aendern. If the password is already known, you will have to think of another one for security reasons. The check is made against a huge database that currently holds over half a billion entries. This database is largely fed by data leaks from prominent hacks, some of which have also been publicised in the media.

Please WHAT? My password is being passed on to a third-party website?

Of course not: your password is passed on to "Have I Been Pwned" neither in full nor in plain text. Our "Change password" page first converts the chosen password into a 40-character string using a cryptographic hash function. Only the first 5 characters of this password hash are then passed on to "Have I Been Pwned". An interface then determines all hashes beginning with these 5 characters and sends them back to our "Change password" page. The hash of the newly selected password is compared against this list and, if it matches, the password is categorised as insecure.
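The prefix lookup described above, as an added example that is not the code behind our "Change password" page. It assumes SHA-1 as the hash function and the "SUFFIX:COUNT" line format returned by the Pwned Passwords range interface; the function names and the offline stand-in service with its data are constructed for illustration.

```python
import hashlib

def split_hash(password):
    """Hash locally; return (5-char prefix, 35-char suffix) of the hex digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def parse_range_response(body):
    """Parse 'SUFFIX:COUNT' lines, ignoring anything malformed."""
    found = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and len(suffix) == 35 and count.isdigit():
            found[suffix.upper()] = int(count)
    return found

def breach_count(password, fetch_range):
    """Return how often the password appears in the breach data (0 = unknown)."""
    prefix, suffix = split_hash(password)
    # Only `prefix` is handed to the remote side; the suffix comparison
    # happens locally, so the service never learns the full hash.
    return parse_range_response(fetch_range(prefix)).get(suffix, 0)

def constructed_service(known):
    """Offline stand-in for the range endpoint, built from constructed data.
    A real fetch_range would GET https://api.pwnedpasswords.com/range/<prefix>."""
    table, seen = {}, []
    for pw, count in known.items():
        prefix, suffix = split_hash(pw)
        table.setdefault(prefix, []).append("%s:%d" % (suffix, count))
    def fetch_range(prefix):
        seen.append(prefix)  # record everything the "service" gets to see
        decoy = "0123456789ABCDEF0123456789ABCDEF012:3"  # constructed entry
        return "\r\n".join(table.get(prefix, []) + [decoy])
    return fetch_range, seen

if __name__ == "__main__":
    fetch, seen = constructed_service({"password": 5})
    for candidate in ("password", "constructed-unlisted-passphrase-7Q"):
        n = breach_count(candidate, fetch)
        print(candidate, "-> rejected" if n else "-> accepted", n)
    print("prefixes sent:", seen)
```

The `seen` list shows what leaves the server: 5 hexadecimal characters per check, shared by every hash in the same range.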

You can find further information on the Heise online website: https://heise.de/-3985804

Our existing password guidelines will of course continue to apply.