New features in user portal

We have increased the password security in the most recent version of our user portals. If you set a new password, it is automatically tested against the password database of “Have I been pwned”. First, your password “test” is transformed with SHA-1 hash function to “a94a8fe5ccb19ba61c4c0873d391e987982fbbd3”.

Then, the first five characters “a94a8"of this hash are sent to “Have I been pwned”. This service replies with a list of possible matches from databases that are used by password crackers. Lastly, our user portal checks if there is an actual match and shows you a warning if necessary.“Have I been pwned” never sees your actual password, parts of it or your IP address. Other software also offers this functionality. The integration with a password manager like KeePass or Pass is especially useful.

Our user portal now supports the languages English, German, Spanish, Portuguese and Bokmål. You should be automatically redirected to the applicable language or you can choose it in the upper right. Please help us to improve these translations or add new ones at Weblate!