146
TIL: Besides offering a free compromised email check, haveibeenpwned.com also offers a free password compromise checking service (It's also fun to see what weird passwords have been used/leaked.) (haveibeenpwned.com)
submitted 13 hours ago* (last edited 1 hour ago) by TehBamski@lemmy.world to c/til@lemmy.world
44 comments fedilink hide all child comments

Nerdy leaked passwords:

Treebeard - "This password has been seen 1,207 times before in data breaches!"

NedStark - 20 times

CerseiLannister - 30 times

youknownothingjonsnow - 61 times

PicardIsSexy - 0 times (!The_Picard_Maneuver@piefed.world you're safe. ;)

edit:

Gandalf1 - 53,478

Gandalfthewhite - 51

sexygandalf - 6

NSFW leaked passwords:

spoilerbigdick - 178,712 (!?!)

bigpussy - 9,226

longpussy - 26

longdick - 10,762

wetpussy - 61,575

wetdick - 579

twat - 6,588

dickhead - 201,942

Blueballs69 - 520

Weird leaked passwords:

BillClinton - 378

DonaldTrump123 - 792

youwillneverguessmypassword - 390

redgreenblue - 2,040

123qweasdzxc - 1,010,515

poopstick - 6,845

((More to come later))

you are viewing a single comment's thread
view the rest of the comments
[-] Darkassassin07@lemmy.ca 59 points 12 hours ago* (last edited 12 hours ago)

For those worried about inputting a password into a tool like this, they've actually done a great job keeping your pass secure.

Passwords entered on this site do not get transmitted to the server. Instead, they are hashed, then only the first half of the hash is sent to the server. The server replies with a list of every password hash they've found in leaks that match the partial hash you sent them. Your computer then looks through the list and tells you if the password you entered (which was kept on your pc, not transmitted) exists in that list.

From Haveibeenpwneds perspective; they sent you a big list of potential matches, but don't know which one if any actually matches your password, because they were never given the full hash, let alone the raw password.

There's even an open-source script you can run that does this within a console instead of a browser. Or, you can download their whole password DB via their github tools, then check it entirely offline.

[-] thejml@sh.itjust.works 9 points 12 hours ago

So, a malicious JavaScript library update then...

The open-source local script might be better, I'll have to check into that!

[-] Darkassassin07@lemmy.ca 15 points 12 hours ago

You could say the same about every password entry field; but that's why there are local/alternative options here.

this post was submitted on 05 Feb 2026
146 points (99.3% liked)

Today I Learned

27818 readers
936 users here now

What did you learn today? Share it with us!

We learn something new every day. This is a community dedicated to informing each other and helping to spread knowledge.

The rules for posting and commenting, besides the rules defined here for lemmy.world, are as follows:

Rules (interactive)

Rule 1- All posts must begin with TIL. Linking to a source of info is optional, but highly recommended as it helps to spark discussion.

** Posts must be about an actual fact that you have learned, but it doesn't matter if you learned it today. See Rule 6 for all exceptions.**

Rule 2- Your post subject cannot be illegal or NSFW material.

Your post subject cannot be illegal or NSFW material. You will be warned first, banned second.

Rule 3- Do not seek mental, medical and professional help here.

Do not seek mental, medical and professional help here. Breaking this rule will not get you or your post removed, but it will put you at risk, and possibly in danger.

Rule 4- No self promotion or upvote-farming of any kind.

That's it.

Rule 5- No baiting or sealioning or promoting an agenda.

Posts and comments which, instead of being of an innocuous nature, are specifically intended (based on reports and in the opinion of our crack moderation team) to bait users into ideological wars on charged political topics will be removed and the authors warned - or banned - depending on severity.

Rule 6- Regarding non-TIL posts.

Provided it is about the community itself, you may post non-TIL posts using the [META] tag on your post title.

Rule 7- You can't harass or disturb other members.

If you vocally harass or discriminate against any individual member, you will be removed.

Likewise, if you are a member, sympathiser or a resemblant of a movement that is known to largely hate, mock, discriminate against, and/or want to take lives of a group of people, and you were provably vocal about your hate, then you will be banned on sight.

For further explanation, clarification and feedback about this rule, you may follow this link.

Rule 8- All comments should try to stay relevant to their parent content.

Rule 9- Reposts from other platforms are not allowed.

Let everyone have their own content.

Rule 10- Majority of bots aren't allowed to participate here.

Unless included in our Whitelist for Bots, your bot will not be allowed to participate in this community. To have your bot whitelisted, please contact the moderators for a short review.

Partnered Communities

You can view our partnered communities list by following this link. To partner with our community and be included, you are free to message the moderators or comment on a pinned post.

Community Moderation

For inquiry on becoming a moderator of this community, you may comment on the pinned post of the time, or simply shoot a message to the current moderators.

founded 2 years ago
MODERATORS
Rooki@lemmy.world
_MoveSwiftly@lemmy.world
Thekingoflorda@lemmy.world
DriftingDeep@lemmy.world
ericisshort@lemmy.world
Decoy321@lemmy.world