Question 1

How do I automate checkpwn for daily security audits?

Accepted Answer

Use cron jobs or task schedulers to run 'checkpwn acc' with a .ls file containing email accounts. Ensure your API key is registered in checkpwn.yml to avoid interruptions during scheduled runs.

Question 2

checkpwn vs using the HIBP website directly – which is better for teams?

Accepted Answer

Checkpwn is better for automating batch checks and integrating into scripts, but the HIBP website offers a user-friendly interface with detailed breach descriptions that checkpwn lacks for manual reviews.

Question 3

Can checkpwn check passwords securely without exposing them?

Accepted Answer

Yes, it uses HIBP's API which requires sending a hash of the password, protecting plaintext exposure. However, it still relies on network communication and HIBP's service availability.

Question 4

How to handle if checkpwn fails due to HIBP API downtime?

Accepted Answer

Checkpwn has no built-in offline caching or retry logic; failures will occur if the HIBP API is unavailable. Users need to implement external error handling in their scripts.

Question 5

Does checkpwn support checking for breaches in specific domains or organizations?

Accepted Answer

No, based on the README, checkpwn only checks individual email accounts and passwords, not domain-wide breaches or organizational monitoring features.

Question 6

How to update the API key if it expires in checkpwn?

Accepted Answer

Run 'checkpwn register' with the new API key; it updates the checkpwn.yml file automatically, but you must manually trigger this command when keys change.

checkpwn

What is checkpwn?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions