Use Data Breach!
It’s been a while since I wrote an article on Medium, so let’s talk about a sensitive subject. A few days ago there was another data breach, and almost 773 million records are now available on the net.
There is a chance your credentials will be in this Collection #1, and as you know, most people will not have a tech background or be familiar with the concept of credential stuffing, and this may cause a lot of damage.
If you would like to read more about this news, check out this article, because I’m not going to talk about the news. I want to find a solution for this issue, and it would be great to open a discussion between us so we can share ideas.
My idea is simple, but I don’t know if it’s legal.
So, let’s assume we have a data breach and we can access these pieces of information.
So what?
1- I will store the data in a safe place.
2- I will implement an API for websites (how does it work?).
They can use it on the registration page. When a user tries to sign up, we will send the credentials to our app first to verify whether this combination of email & password already exists. If YES, the user should choose another password; otherwise the registration process is done as usual.
What have I done so far?
- I created a table where we can store the data: email & password, for example:
- After that, I integrated the Laravel API key package in order to authorize requests to my app with API keys.
- After that, I implemented this simple function to check if the email and password exist!
- My route /api.php is attached to my auth.apikey middleware.
- In case the email & password exist:
- Ready to go:
https://haveibeenpwned.com/ provides an API! You need to check it out.
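
A variation on the lookup described above, added here as an example and not the author's code: the service stores only a SHA-256 fingerprint of each email and password pair and answers hash-prefix range queries, so the registering site never sends the credential itself (the same range idea as the Pwned Passwords API at haveibeenpwned.com). The function names, the 5-character prefix and the in-memory array standing in for the database and the HTTP call are assumptions.

```php
<?php
// Added example; every name and sample value here is constructed.

// Fingerprint of one credential pair. The email is normalised so that
// "Alice@Example.com" and "alice@example.com" map to the same record.
function pairFingerprint(string $email, string $password): string
{
    $email = strtolower(trim($email));
    return strtoupper(hash('sha256', $email . "\0" . $password));
}

// Service side: keep fingerprints only, grouped by their 5-character prefix.
function buildIndex(array $breachedPairs): array
{
    $index = [];
    foreach ($breachedPairs as [$email, $password]) {
        $fp = pairFingerprint($email, $password);
        $index[substr($fp, 0, 5)][] = substr($fp, 5);
    }
    return $index;
}

// Service side: the API receives a prefix and returns every suffix under it.
function rangeQuery(array $index, string $prefix): array
{
    if (!preg_match('/^[0-9A-F]{5}\z/', $prefix)) {
        throw new InvalidArgumentException('prefix must be 5 uppercase hex characters');
    }
    return $index[$prefix] ?? [];
}

// Website side: only the prefix leaves the site; the match is decided locally.
function isBreached(array $index, string $email, string $password): bool
{
    $fp = pairFingerprint($email, $password);
    foreach (rangeQuery($index, substr($fp, 0, 5)) as $suffix) {
        if (hash_equals($suffix, substr($fp, 5))) {
            return true;
        }
    }
    return false;
}

// Constructed sample records standing in for breach data.
$index = buildIndex([['alice@example.com', 'hunter2'], ['bob@example.com', '123456']]);

var_dump(isBreached($index, 'Alice@Example.com', 'hunter2'));     // pair is in the index
var_dump(isBreached($index, 'alice@example.com', 'Tr0ub4dor&3')); // pair is not in the index
```

In a deployment along the lines of this article, `rangeQuery` would be the API-key-protected endpoint and `isBreached` would run on the website during signup.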