In efforts to ensure that Firefox users feel more secure as they browse the web, Mozilla has launched Firefox Monitor, which notifies users if their account’s security has been compromised.
Mozilla has done this by incorporating Firefox Monitor with the web service I Have Been Pwned, which ensures that users get the chance to check if their accounts have been hacked quickly.
Users can enjoy this new benefit by keying in their email address.
Firefox Monitor
Mozilla first introduced the Firefox Monitor project over the summer. And after a few months of testing, they launched Firefox Monitor as full service last week.
In a blog post by Mozilla outlining this service, the web tech corporation details that they have decided to address a steadily growing need for security in establishing Firefox Monitor.
The blog also outlined that this anticipated security tool—which is purposed for everyone although it offers bonus features for Firefox users—will allow visitors to the Firefox Monitor website to check whether their accounts were part of those in identified data breaches as well as the type of data that was exposed in the various breaches.
This the users can do by entering their respective email addresses.
In short, the service monitors the web to check whether your email is involved in a data dump—a process completed through the Have I Been Pwned service.
If your email address has in fact been compromised, this new feature will subsequently send you an alert message into your inbox.
To guarantee the security of your email address as you are browsing Firefox Monitor to identify whether your data has been compromised, Mozilla has outlined that they have anonymized your information.
What’s more, Mozilla also claims that it does not send your entire email address to any third parties outside beyond Mozilla.
They use hashing prefixes for email lookups to ensure that your information remains secure.
Troy Hunt, a security researcher and the founder of Have I Been Pwned, outlined in a blog post earlier this year that when a user is searching the service for a password, it is hashed by the client SHA-1, which takes the initial five characters and subsequently sends this to the API.
This is followed by a series of hashes being returned which match that particular prefix (average of 477). The hash prefix sent to the primary service conceals the password, thus making it unidentifiable.
The password could either be part of the 477 or something completely different.
Although Hunt outlined that it is possible to speculate what a password is based on each password’s prevalence, he, however, confirms that he is however limited to just that—speculation.
Other than just alerting its users on whether their data may have been compromised, Mozilla also said that it’s working on a distinct service which notifies users if a site they’re visiting has been hacked.
The overall security strategy of Mozilla includes integrating the service of Have I Been Pwned with Firefox Lockbox, a password manager app which fills in passwords and usernames for the website a user visits on Firefox automatically.
As part of their long-term plan, Firefox Monitor will have put in place the mechanisms allowing them to verify and link your saved Lockbox logins against the overall Have I Been Pwned database—therefore offering you a comprehensive overview of the various passwords, services, accounts and usernames that may have been hacked or compromised in the event of data breach or cyberattack.