Troy Hunt and

Steve Cassidy has found a tech hero of late, in the form of Troy Hunt, the guy behind

security key on keyboard

The real cost of being a good guy in the password database theft saga:

I could get to be quite a fan of Troy Hunt. He's not a character in a BBC time-travel detective action throwback drama. He's a computer scientist, and the man behind which is a handy site, into which you can type your various online usernames and email addresses, to see if they are implicated in any of the 20-odd security database loss incidents which are such a regular part of the mainstream news in late 2014.

I would hope that IT Pro readers don't need the usefulness of such a site spelling out to them: if you know someone who does, just send them over to this article where the reasons to be careful and the ramifications of using a reputable source to do your checking are discussed in detail. The only minor hint on this topic for IT Admin types is that the problem of humans re-using the same user/password pairs on multiple sites goes for work computer logins too. If someone uses P00dle97 for their Amazon account then they re quite likely to use it for their work login too.

But that's a minor side-issue. The main event, to my mind, is the hugely detailed and very carefully thought-out blog that Troy has posted about his life as the webmaster of the havibeenpwned site, which is hosted almost entirely on Microsoft Azure. Because he gets big (and I mean: big!) traffic spikes every time the whole password-hack thing hits the headlines, he's got a really nice, uncomplicated case study in what it actually means for a businessperson to run a site that they have to pay more for, the more it's used. If you are minded to dive in to his detailed findings, then you can read through them here: 

Advertisement - Article continues below

Two conclusions strike me almost straight away. The first is, I hope he doesn't have to pay a bean out of his own pocket to provide this global public service: If Microsoft have any PR smarts at all they should announce that he's a lifetime free Azure user, at the very least.

The second is that it's almost impossible to imagine a scenario where the same transparency of reporting of the whole of the exercise from the sources of the lists, to the databases used to secure his "white hat hacker" copies, to the way he codes the queries and then doesn't keep the data from the names that have been tested could be presented in such an easy win-win fashion. There's no part of this in which the usual commercial secrecy and corporate Wise Monkey approach serves anybody's interests, and that makes for a much more persuasive and followable demo of Azure and the monitoring tools he's using, than any number of empty examples.

Job well done, sir.

Featured Resources

The essential guide to cloud-based backup and disaster recovery

Support business continuity by building a holistic emergency plan

Download now

Trends in modern data protection

A comprehensive view of the data protection landscape

Download now

How do vulnerabilities get into software?

90% of security incidents result from exploits against defects in software

Download now

Delivering the future of work - now

The CIO’s guide to building the unified digital workspace for today’s hybrid and multi-cloud strategies.

Download now



Arcserve UDP 9240DR review: Beef up your backups

4 Apr 2019

Most Popular

Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Amazon Web Services (AWS)

What to expect from AWS Re:Invent 2019

29 Nov 2019

Raspberry Pi 4 owners complain of broken Wi-Fi when using HDMI

29 Nov 2019
Google Android

Samsung Galaxy A90 5G review: Simply the best value 5G phone

22 Nov 2019