Troy Hunt and havibeenpwned.com

Steve Cassidy has found a tech hero of late, in the form of Troy Hunt, the guy behind havibeenpwned.com...

security key on keyboard

The real cost of being a good guy in the password database theft saga: haveibeenpwned.com

I could get to be quite a fan of Troy Hunt. He's not a character in a BBC time-travel detective action throwback drama. He's a computer scientist, and the man behind http://havibeenpwned.com which is a handy site, into which you can type your various online usernames and email addresses, to see if they are implicated in any of the 20-odd security database loss incidents which are such a regular part of the mainstream news in late 2014.

I would hope that IT Pro readers don't need the usefulness of such a site spelling out to them: if you know someone who does, just send them over to this article where the reasons to be careful and the ramifications of using a reputable source to do your checking are discussed in detail. The only minor hint on this topic for IT Admin types is that the problem of humans re-using the same user/password pairs on multiple sites goes for work computer logins too. If someone uses P00dle97 for their Amazon account then they re quite likely to use it for their work login too.

But that's a minor side-issue. The main event, to my mind, is the hugely detailed and very carefully thought-out blog that Troy has posted about his life as the webmaster of the havibeenpwned site, which is hosted almost entirely on Microsoft Azure. Because he gets big (and I mean: big!) traffic spikes every time the whole password-hack thing hits the headlines, he's got a really nice, uncomplicated case study in what it actually means for a businessperson to run a site that they have to pay more for, the more it's used. If you are minded to dive in to his detailed findings, then you can read through them here

Two conclusions strike me almost straight away. The first is, I hope he doesn't have to pay a bean out of his own pocket to provide this global public service: If Microsoft have any PR smarts at all they should announce that he's a lifetime free Azure user, at the very least.

The second is that it's almost impossible to imagine a scenario where the same transparency of reporting of the whole of the exercise from the sources of the lists, to the databases used to secure his "white hat hacker" copies, to the way he codes the queries and then doesn't keep the data from the names that have been tested could be presented in such an easy win-win fashion. There's no part of this in which the usual commercial secrecy and corporate Wise Monkey approach serves anybody's interests, and that makes for a much more persuasive and followable demo of Azure and the monitoring tools he's using, than any number of contoso.com empty examples.

Job well done, sir.

Featured Resources

Unlocking collaboration: Making software work better together

How to improve collaboration and agility with the right tech

Download now

Four steps to field service excellence

How to thrive in the experience economy

Download now

Six things a developer should know about Postgres

Why enterprises are choosing PostgreSQL

Download now

The path to CX excellence for B2B services

The four stages to thrive in the experience economy

Download now

Recommended

1Password targets enterprise customers with Secrets Automation
IT infrastructure

1Password targets enterprise customers with Secrets Automation

14 Apr 2021
The definitive guide to IT security
Whitepaper

The definitive guide to IT security

9 Apr 2021
Ubiquiti insider says the company downplayed the severity of a major breach
data breaches

Ubiquiti insider says the company downplayed the severity of a major breach

31 Mar 2021
Forex broker FBS leaves millions of customer records exposed
data breaches

Forex broker FBS leaves millions of customer records exposed

25 Mar 2021

Most Popular

Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
University of Hertfordshire's entire IT system offline after cyber attack
cyber attacks

University of Hertfordshire's entire IT system offline after cyber attack

15 Apr 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

8 Apr 2021