passw0rd

🔑 securely checks a password to see if it has been previously exposed in a data breach

CLI 💻

• Keeps your password hidden
• Clears your clipboard automatically

Installation 🚀

Ensure you have Node.js version 5 or higher installed. Then run the following:

$ npm install --global passw0rd

Checking your password 🔍

$ passw0rd

API 📝

Installation

$ npm install passw0rd

Usage

const passw0rd = require('passw0rd');
 
passw0rd.check('passw0rd').then(res => {
    console.log(`Password was found ${res.count} times`);
});

Browser

Run the following command to get UMD version of the library under the dist folder

$ npm run build

<script src="https://cdn-path/dist/passw0rd.js"></script>

You can find the library on window.passw0rd. A very simple POC is available at browser.html

How it works ⚙

Pwned Passwords has implemented a k-Anonymity model that allows a password to be searched for by partial hash. This allows the first 5 characters of a SHA-1 password hash (not case-sensitive) to be passed to the API.

GET https://api.pwnedpasswords.com/range/{first 5 hash chars}

passw0rd is using Pwned Passwords API which searches through a database of more than 500 million passwords collected from various breaches.

Todo

• Add CLI Help Menu
• Add Icon / GIF
• Add babel
• Reduce bundle size using webpack
• Write unit test cases
• Improve performance for browser api
• Improve browser POC
• Move cli/lib to a different repo
• Add security checks
• Add to node-awesomejs

FAQ - Why is it named passw0rd? 💫

passw0rd is one of the most commonly used passwords and has been found 200297 times in various data breaches!

See Also

• Active Directory - Checking for Breached Passwords in Active Directory
• 1Password - Check your 1password exported passwords

License

MIT © Dheeraj Joshi