2 min read

Upcoming Firefox feature could warn users when their password gets stolen

Filip TRUȚĂ

November 27, 2017

Upcoming Firefox feature could warn users when their password gets stolen

Mozilla is piloting a program with the aim to introduce a feature in Firefox that will notify users when their credentials may have been leaked or stolen in a data breach.

In a GitHub repo set up for the initiative, Bengaluru, India-based Mozilla developer Nihanth Subramanya explains the reasons behind the “Breach Alerts Prototype” and how his company would like to tackle the issue.

Data breaches have become common, and everything from email addresses and passwords to credit card details and personal information can be leaked or stolen by bad actors, Subramanya argues.

“As they [data breaches] grow more frequent, it’s desirable to keep track of them and communicate about them to Web users when their credentials may have been compromised, and educate them on the repercussions, what they can do when such a breach occurs, and protect themselves in the future,” the developer says.

To kickstart the project, Subramanya proposes using a typical browser extension as a “vehicle” for prototyping an interaction flow behind a graphical user interface. Mozilla is teaming up with haveibeenpwned.com as its data source.

Created by Microsoft staffer Troy Hunt, “have i been pwned?” is a free tool that lets anyone check if their online credentials may have been compromised.

If successful, Mozilla will consider introducing the Breach Alerts function as an addition to Firefox. The component – whether baked into the browser itself or released as an add-on – will supposedly notify users when their credentials may have been leaked or stolen.

The full scope of the project also includes teaching users about data breaches (i.e. a “learn more” link in the notification), and a way to opt into a service that alerts the user when they may be affected in the future. Subramanya is the first to admit that at least the final goal might be hard to attain:

“The third goal brings up some privacy concerns, since users would need to supply an email address to receive notifications,” he said. “Who is the custodian of this data? Can we avoid sending user data to haveibeenpwned.com? Can we still offer useful functionality to users who opt out of subscribing their email address?”

Despite these concerns, Mozilla aims to offer “as much utility as possible while respecting the user’s privacy.”

It will be interesting to see how the project unfolds. Those of you interested in the progress of Breach Alerts Prototype can track it here.

tags


Author



Right now

Top posts

E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

July 29, 2021

5 min read
Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

July 16, 2021

3 min read
How to protect yourself against cyberstalking

How to protect yourself against cyberstalking

July 06, 2021

2 min read
The Top Five Security Risks Smartphone Users Face Today

The Top Five Security Risks Smartphone Users Face Today

July 02, 2021

4 min read
Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

July 02, 2021

3 min read
Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

June 30, 2021

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Supply Chain Attack Detected in PyPI Library Supply Chain Attack Detected in PyPI Library
Silviu STAHIE

August 02, 2021

1 min read
Scam baiter Jim Browning bamboozled by scammers into deleting his own YouTube channel Scam baiter Jim Browning bamboozled by scammers into deleting his own YouTube channel
Filip TRUȚĂ

August 02, 2021

3 min read
Instagram influencer Hushpuppi admits his part in scams that stole more than $24 million Instagram influencer Hushpuppi admits his part in scams that stole more than $24 million
Graham CLULEY

July 30, 2021

2 min read