It shows you a vertically scrolling timeline (with logos and blurbs) of all the data breaches that have exposed your email. How delightfully horrifying.
Why not just use different passwords for different things. I'd recommend something like privacy.com so you can generate a bunch of one-use cc cards when doing shopping on sites you don't trust and the like.
Also don't willingly give up valuable personal information unless it's absolutely necessary, it's also not illegal to give online services outright false information (incorrect birthdates for example) which, in the event of a future data breach of that service, now at least those who would plan to benefit from your personal information might have some difficulties resetting important accs and the like.
You just gotta be smart, it's not about being powerless, HIBP and the service is just one tool to make you aware of what's out there before it gets used against you. (I would highly recommend setting up notifications for important e-mail addresses)
Application specific credit card numbers really needs to be a legally required thing.
My card has been skimmed a couple of times and by far the most annoying part of the experience is having to reset and update regular accounts with the new number.
Of course for online purchases the whole flow here should be inverted: businesses should just be registering against my payment provider directly, no account numbers involved (under the hood maybe have it be managed by ED25519 public keys for identity?)
EDIT: while we're at it, why even have persistent numbers for in person cards? Let me tap it against my phone, invalidate the stored key from that time on, and generate a new one.
> Application specific credit card numbers really needs to be a legally required thing.
My latest card (debit) one has a feature I've not seen elsewhere, but I think kind of solves that too. It has a new CVC number every 10 minutes, which I kind of both hate and love. Love it for the obvious reasons of "not even having the physical card lets you use it digitally" but also because I cannot have it 100% in my password manager, I have to use the banking app to get the latest CVC code when I need it.
I’ve want a physical one of these that changes both the CVC and the entire 16-digit number. Heck let the name submitted with the number be a longer checksum that can be verified at point of sale to figure out who’s actual account it is.
Plus then my gibberish name on my card number will match the gibberish secret question answers.
> Heck let the name submitted with the number be a longer checksum that can be verified at point of sale to figure out who’s actual account it is.
That's going to be one hell of a lot of an issue in practice. Hotels, car rentals and AFAIK even some airlines want that the name of the card holder matches the name on the ID card.
Wish it was so easy, some websites have decided they like lower security, especially for some reason, my banks. Banc Sabadell in Spain for example, only does 2FA via SMS (famously insecure) and your password is limited to 6 numbers, and accepts nothing else.
This thread isn't about data in general, only passwords. So first of all, a strong password is much harder to crack in the instance that it's stored in a hashed form in the database. In the instance it's stored (unforgivably) in cleartext, it cannot be used, because an additional factor is required to authenticate. That is how exactly.
