Troy Hunt

Hi, I'm Troy Hunt, I write this blog, create courses for Pluralsight and am a Microsoft Regional Director and MVP who travels the world speaking at events and training technology professionals

802 posts

Weekly Update 147

So "Plan A" was to publish Pwned Passwords V5 on Tuesday but a last-minute check showed control characters had snuck in due to the quality (or lack thereof) of the source data. Scratch that and go to "Plan B" which was to push them out today but a last-minute check showed that my "improved" export script had screwed up the encoding and every single hash was wrong. "Plan C" is now to push them out on the weekend with everything working correctly. Hopefully. If I don't screw anything up again...The constant challenge I've faced over the last few years is the massive amount of multi-tasking required to do all the things I'm presently doing. I touched on this in...

Pwned Passwords, Version 5

Almost 2 years ago to the day, I wrote about Passwords Evolved: Authentication Guidance for the Modern Era. This wasn't so much an original work on my behalf as it was a consolidation of advice from the likes of NIST, the NCSC and Microsoft about how we should be doing authentication today. I love that piece because so much of it flies in the face of traditional thinking about passwords, for example:Don't impose composition rules (upper case, lower case, numbers, etc)Don't mandate password rotation (enforced changing of it every few months)Never implement password hintsAnd of most relevance to the discussion here today, don't allow people to use passwords that have already been exposed in a data breach....

Weekly Update 146

After a very non-stop Cyber Week in Israel, I'm back in Oslo working through the endless emails and other logistics related to Project Svalbard. In my haste this week, I put out a really poorly worded tweet which I've tried to clarify in this week's video. On more positive news, the Austrian government came on board HIBP and my MVP status got renewed for the 9th time. I also wanted to talk this week about some of the stats from HIBP I've been preparing as part of the acquisition. There's a bunch of really interesting numbers in there (for me at least) and rather than just keeping them locked away in an information memorandum, I thought I'd share them with...

Microsoft MVP Award, Year 9

I've become especially reflective of my career this year, especially as Project Svalbard marches forward and I look back on what it's taken to get here. Especially as I have more discussions around the various turning points in my professional life, there's one that stands out above most others: my first MVP award.This is not a path I planned, in fact when I originally got that award I referred to myself as The Accidental MVP. But I also think that's the best way to earn any of the awards I've since received; not by setting out with the award as the goal, but rather focusing on the activities for which the award is granted. I wrote a blog people...

Welcoming the Austrian Government to Have I Been Pwned

Early last year, I announced that I was making HIBP data on government domains for the UK and Australia freely accessible to them via searches of their respective TLDs. The Spanish government followed a few months later with each getting unbridled access to search their own domains via an authenticated API. As I explained in that initial post, the rationale was to help the departments tasked with looking after the exposure of their digital assets by unifying search and monitoring capabilities so the task could be performed centrally rather than having the effort replicated over and over again by individual departments. Before this effort, there were hundreds of gov domains being manually monitored by separate departments across those governments -...

Weekly Update 145

Something totally new this week - Israel! I spent the week in Tel Aviv at Cyber Week, a massive infosec conference where I shared the keynote stage with an amazing array of speakers including many from three letter acronym departments and even PM Benjamin Netanyahu. It's funny how on the one hand an event like this can be so completely different to the very familiar NDC Oslo scene I was in just last week yet by the same token, I'm up there talking about all the same stuff and doing my usual thing.This week, I'm talking about Israel, the Cyber Week event and how things are tracking with Project Svalbard (spoiler - bloody busy!) I also get a ticket...

Weekly Update 144

So first things first - my patience for the Instamics we're wearing just reached zero. One of them recorded and one of them didn't which means we've had to fallback to audio captured by the iPhone I was recording from so apologies it's sub-par. I ended up just uploading the unedited clip direct from the phone because frankly, after trying to recover the non-existent audio both my time and patience were well into the red.Be that as it may, there's video, audio and a narrative to tell both around the NDC event Scott and I are at and the progress of "Project Svalbard". I'm trying to share as much as I can about that process as things progress and...

Weekly Update 143

Well this was a big one. The simple stuff first - I'm back in Norway running workshops and getting ready for my absolute favourite event of the year, NDC Oslo. I'm also talking about Scott's Hack Yourself First UK Tour where he'll be hitting up Manchester, London and Glasgow with public workshops. Tickets are still available at those and it'll be your last chance for a long time to do that event in the UK.Then there's Project Svalbard. I think it'll come across in the video below, but putting a project I've poured my heart and soul into over the last 5 and half year up for sale is a massive thing for me. There are so many emotions...

Hack Yourself First - The UK Tour by Scott Helme

It's the Hack Yourself First UK Tour! I've been tweeting a bit about this over recent times and had meant to write about it earlier, but I've been a little busy of late. Last year, I asked good friend and fellow security person Scott Helme to help me out running my Hack Yourself First workshops. I was overwhelmed with demand and he was getting sensational reviews for the TLS workshops he was already running. Since that time, Scott has run Hack Yourself First all over the world and done an absolutely sensational job of them. So, we decided to do a bunch in the UK and make them accessible to everyone:Manchester - 27th and 28th JuneLondon - 4th and...

Project Svalbard: The Future of Have I Been Pwned

Back in 2013, I was beginning to get the sense that data breaches were becoming a big thing. The prevalence of them seemed to be really ramping up as was the impact they were having on those of us that found ourselves in them, myself included. Increasingly, I was writing about what I thought was a pretty fascinating segment of the infosec industry; password reuse across Gawker and Twitter resulting in a breach of the former sending Acai berry spam via the latter. Sony Pictures passwords being, well, precisely the kind of terrible passwords we expect people to use but hey, actually seeing them for yourself is still shocking. And while I'm on Sony, the prevalence with which their users...