Google Chrome Password-Breached Warning

24-Dec-2019 bugs, name-and-shame, password, security 0 222 views

On Sunday (Dec 22nd), I was visiting MyIndihome website to check my household’s internet usage when suddenly Google Chrome prompted this:

Upon clicking the [Check Password] button, Chrome shown me how many websites which my password could be breached.

Since I stored my password in Chrome, it actually knows the passwords that I’m using on many sites. I speculates that Google is utilizing Troy Hunt’s Have I been pawned? API to check if a password has been breached.

So I spent the whole Sunday resetting my password on some websites that I deemed important. Websites that didn’t store my personal information or have no financial risks were excluded from this password reset exercise. Online shops and online hotel/flight booking websites were the first websites that have their password reset. I simply don’t want to have fraudulent purchases/orders billed to my bank account.

My habit of using the same password is partly why I wasted my Sunday. You see, I have 3 passwords. The least complicated one is for websites which have no financial risks like forums and free/trial online services. The slightly complicated password is for websites which stores my credit card/bank account information like online shops and travel/hotel booking sites. The most complicated one is for my google/facebook accounts which basically controls all my other accounts.

After resetting passwords in many websites, I found a few websites which have the worst User Interface to reset password. Let’s learn from their mistake and not to repeat it in our future projects.

Alphanumeric only password

We’re not in the 90’s anymore. We shouldn’t limit the password to alphanumeric only because it will be easier to brute-force.

Missing input fields

MyIndihome expect you to enter the Two Factor Authentication (2FA) token, but the input field is missing. Hence, resetting password becomes impossible. Excellent job! 😀

Hide the reset password function in a non-standard place

When I clicked my username in Qoo10 website, I expected to find the reset password there. But apparently reset password function is hidden inside My Qoo10 -> My Inquiry -> Personal Info.

GD Star Rating
loading...

Google Chrome Password-Breached Warning, 4.0 out of 5 based on 1 rating

About Hardono

Howdy! I'm Hardono. I am working as a Software Developer. I am working mostly in Windows, dealing with .NET, conversing in C#. But I know a bit of Linux, mainly because I need to keep this blog operational. I've been working in Logistics/Transport industry for more than 11 years.

SODEVE