Password Guardian
A Python Tool to Securely Verify Password Integrity
This tool was developed to enhance password security by checking whether a password has been compromised in a data breach.
I built it in Python. It checks whether a password has ever been leaked in a data breach by querying the haveibeenpwned API, without sending the full password to that API. Have I Been Pwned is a website that lets users check whether their personal data has been compromised in data breaches.
This is what the program does step-by-step:
- The user enters one or more passwords on the command line, which the program reads using the sys library.
- Each password is hashed with SHA-1 using the hashlib library.
- The first 5 characters of the hashed password are sent to the haveibeenpwned API using the requests library, and the API responds with the hashes of leaked passwords from its database that start with those 5 characters.
- On the local machine, the program checks the response data for a match to the rest of the hashed password and reports whether a match exists and how many times the password has been pwned.
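
The steps above as a runnable sketch. This is an added example, not the tool's own source. It assumes the Pwned Passwords range endpoint at api.pwnedpasswords.com, uses the standard library's urllib in place of requests so it runs without extra packages, and the function names and the sample response are constructed for illustration.

```python
import hashlib
import urllib.request

RANGE_URL = "https://api.pwnedpasswords.com/range/"  # assumed endpoint, see lead-in


def split_hash(password):
    """Return (prefix, suffix): first 5 and remaining 35 hex chars of the SHA-1."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def fetch_range(prefix):
    """Send only the 5-character prefix; the password and full hash stay local."""
    req = urllib.request.Request(
        RANGE_URL + prefix, headers={"User-Agent": "password-guardian-example"}
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def count_in_range(body, suffix):
    """Scan 'SUFFIX:COUNT' lines locally; 0 means the suffix was not returned."""
    for line in body.splitlines():
        candidate, sep, count = line.strip().partition(":")
        if sep and candidate.upper() == suffix:
            return int(count)
    return 0


def pwned_count(password, fetch=fetch_range):
    """Hash, query by prefix, then match the suffix on the local machine."""
    prefix, suffix = split_hash(password)
    return count_in_range(fetch(prefix), suffix)


def constructed_fetch(prefix):
    """Offline stand-in for the API. The response and its counts are made up."""
    _, known_suffix = split_hash("password")
    return "\r\n".join([
        "0018A45C4D1DEF81644B54AB7F969B88D65:1",   # constructed, unrelated suffix
        known_suffix + ":42",                       # constructed count
        "malformed line without a separator",       # skipped by the parser
    ])


if __name__ == "__main__":
    import getpass  # prompt instead of argv keeps the password out of shell history
    n = pwned_count(getpass.getpass("Password to check: "))
    print(f"Found {n} times in breaches." if n else "Not found in the returned range.")
```

Passing `fetch=constructed_fetch` exercises the hashing and matching logic without any network traffic.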