GitHub Community
Password reset #179699
-
Select Topic AreaQuestion BodyI used the GitHub password on a few more services for a long time and now it was forced to reset because it is in "a list of passwords commonly used on other websiteslist". How did GitHub know? What does it mean? |
Beta Was this translation helpful? Give feedback.
Replies: 7 comments
-
|
GitHub checks passwords against known compromised password databases to protect accounts. GitHub forces a password reset when it detects that your password appears in public breach databases, meaning it has been exposed somewhere on the internet even if not from GitHub itself. They do this by securely hashing your password and comparing it against large compromised password lists, without ever seeing your actual password in plain text. |
Beta Was this translation helpful? Give feedback.
-
|
@CashDiver Hi. when you log in or set a password, GitHub securely hashes the password and checks it against public databases of known leaked passwords (for example, HaveIBeenPwned). GitHub will force you to reset it to protect your account from credential-stuffing attacks. |
Beta Was this translation helpful? Give feedback.
This comment was marked as off-topic.
This comment was marked as off-topic.
-
|
It's a good news although they don't make me happy. I understand, thanks a lot. |
Beta Was this translation helpful? Give feedback.
-
|
Hello @CashDiver This simply means your password was exposed somewhere in the past and is no longer secure. Please mark the discussion as solved✅. |
Beta Was this translation helpful? Give feedback.
-
|
It's a good news although they don't make me happy. I understand, thanks a lot. |
Beta Was this translation helpful? Give feedback.
-
|
GitHub utiliza un sistema de verificación proactiva para proteger tu cuenta. Cuando estableces o modificas tu contraseña, GitHub aplica un proceso de seguridad que compara una versión cifrada (hash) de tu contraseña con bases de datos globales de credenciales comprometidas. Estas bases de datos recopilan información de filtraciones ocurridas en diversos servicios a lo largo del tiempo. ¿Cómo funciona exactamente? Tu contraseña se convierte en un hash seguro antes de cualquier verificación Este hash se coteja con listas de contraseñas expuestas en incidentes de seguridad Si se detecta coincidencia, GitHub solicita el cambio por prevención Lo importante: Esta medida de seguridad, aunque pueda resultar inconveniente, es una protección efectiva contra intentos de acceso no autorizado que utilizan contraseñas conocidas. |
Beta Was this translation helpful? Give feedback.
GitHub checks passwords against known compromised password databases to protect accounts. GitHub forces a password reset when it detects that your password appears in public breach databases, meaning it has been exposed somewhere on the internet even if not from GitHub itself. They do this by securely hashing your password and comparing it against large compromised password lists, without ever seeing your actual password in plain text.