mirror of
https://github.com/home-assistant/home-assistant.io.git
synced 2025-05-01 16:57:34 +00:00
93e7236b24
Co-authored-by: Fabian Affolter <mail@fabian-affolter.ch> Co-authored-by: Franck Nijhof <git@frenck.dev>
1.0 KiB
1.0 KiB
| title | description |
|---|---|
| Pwned passwords and secrets | More information on detected pwned secrets in Home Assistant. |
We are using the Have I Been Pwned (HIBP) service for detecting leaked or compromised secrets, like passwords.
If you get a warning about it, it means that you are using secrets in your configuration which have been leaked and are publicly known. It is strongly advised to change these secrets with a more secure alternative as soon as possible.
Please note; this feature does not send out your secrets to check this. Your secrets and privacy is guaranteed by a K-Anonymity. Your secrets are hashed, the first 5 characters of the hash result are used to query Have I Been Pwned. Have I Been Pwned returns the results of possible password hashes that match, we check the last part of the password hash against this list locally.