Methodical Snark critical reflections on how we measure and assess civic tech

password security tools in an age of constant breaches


I keep a fairly close eye on Pindrop’s On the Wire and the Hacker News, which means I’m bombarded by a constant stream of news about hacks and exploits and data leaks.

I’m also lucky enough to get notified whenever one of them affects me, thanks to the Have I been pwned?, which crosschecks your email against the lists of any hacked credentials made public, then sends you a notification if your credentials were hacked, together with some minor details about what it means. It’s run in the guy’s free time, and if you use it, you can donate beer, movie tickets or a dinner with his wife to keep it going.

I have the above for my legacy accounts, but I also use Blur, which allows me to have individual login credentials (username and pw) for all my online accounts (I’ve got about 4oo), plus a handful of other nifty masking and anti-tracking tools. The nice thing about this one is that if one of those credentials does get compromised, it’s not used anywhere else, so after securing that service it doesn’t much matter. Of course it’s all in the cloud and serviced by browser java script, so I don’t keep sensitive credentials there, but it’s nice for the low key stuff.

These two services are incompatible, but they’re a great team, and every time I see something like this, it just feels good.

Add Comment

Methodical Snark critical reflections on how we measure and assess civic tech


Get in touch

Suggest research to be reviewed or mini-lit reviews. Ask questions or tell me why I'm wrong.