
GitHub Will Raise a Red Alert if Your Password Has Been Exposed Elsewhere

If you have been pwned, GitHub will be the first to tell you.

By CBR Staff Writer

GitHub has revamped its security systems to issue warnings to users when their passwords have been exposed online through other services.

The code repository has recently partnered with Have I Been Pwned, a search engine operated by security expert Troy Hunt, to give the general public a way to quickly discover whether or not their online accounts and passwords have been exposed.

The online service brings together records from public datasets and record dumps which have been released online.

In 2012, LinkedIn suffered a severe data breach; four years later, it was discovered that 167 million user records had been stolen. It was this data breach which, arguably, heightened the popularity of Have I Been Pwned and brought to light the issue of re-used passwords, which can be weaponised by attackers to compromise other online accounts and services.

Two-Factor Authentication

Two-factor authentication (2FA) is another layer of security which can be added to many online accounts to lessen the risk of compromise even if the same password is in use elsewhere.

But with so many online systems protected by nothing more than a password which may be reused or exposed elsewhere, and users choosing not to enable 2FA, notifying account holders of potential compromise is a critical step towards better security.

GitHub has already enabled 2FA and now, through a relationship with Have I Been Pwned, will notify users when their password has been compromised elsewhere.


Hunt allowed GitHub to download the full Have I Been Pwned record repository, which currently stands at roughly 517 million records.

“Using this data, GitHub created an internal version of this service so that we can validate whether a user’s password has been found in any publicly available sets of breach data,” the company says.

Now, GitHub account holders who are using compromised passwords are being made aware of the fact and will be prompted to select new credentials during login and registration.
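The kind of internal lookup described above, as an added example that is not GitHub's implementation or code from this article. It assumes the breach data is stored as hash-sorted `SHA1:count` lines (the layout of the public Pwned Passwords download); the function names, sample passwords and counts are constructed for illustration.

```python
import hashlib
import io

def sha1_hex(password: str) -> bytes:
    """Uppercase hex SHA-1, the key format assumed for the breach corpus."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper().encode("ascii")

def build_corpus(entries: dict) -> bytes:
    """Constructed stand-in for the corpus: hash-sorted 'HASH:count' lines."""
    lines = sorted(sha1_hex(p) + b":" + str(n).encode() for p, n in entries.items())
    return b"\n".join(lines) + b"\n"

def breach_count(corpus, size: int, password: str) -> int:
    """Binary-search a seekable, hash-sorted corpus; return exposure count or 0."""
    target = sha1_hex(password)
    lo, hi = 0, size              # candidate record starts lie in [lo, hi)
    while lo < hi:
        mid = (lo + hi) // 2
        corpus.seek(max(mid - 1, 0))
        if mid:
            corpus.readline()     # advance to the first record start >= mid
        start = corpus.tell()
        line = corpus.readline()
        if start >= hi or not line:
            hi = mid              # no record begins in [mid, hi)
            continue
        digest, _, count = line.strip().partition(b":")
        if digest == target:
            return int(count)
        if digest < target:
            lo = corpus.tell()    # target can only begin after this record
        else:
            hi = mid              # target can only begin before mid
    return 0

def must_choose_new_password(corpus, size: int, password: str) -> bool:
    """Login/registration gate: flag any password present in the corpus."""
    return breach_count(corpus, size, password) > 0

# Constructed sample data; the counts are made up for the example.
SAMPLE = build_corpus({"password": 41, "123456": 97, "qwerty": 12, "letmein": 5})

if __name__ == "__main__":
    f = io.BytesIO(SAMPLE)
    for candidate in ("qwerty", "correct horse battery staple"):
        print(candidate, must_choose_new_password(f, len(SAMPLE), candidate))
```

Because the lookup seeks by byte offset, the same function works on a multi-gigabyte file opened in binary mode without loading it into memory.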

GitHub recommends that users enable 2FA to enhance their account security. Users should also consider signing up for Have I Been Pwned notifications, which will automatically alert them if their email address has been detected in a new data breach.
