CN113411315B - Account password leakage detection method and account password manager - Google Patents
Account password leakage detection method and account password manager Download PDFInfo
- Publication number
- CN113411315B CN113411315B CN202110594434.9A CN202110594434A CN113411315B CN 113411315 B CN113411315 B CN 113411315B CN 202110594434 A CN202110594434 A CN 202110594434A CN 113411315 B CN113411315 B CN 113411315B
- Authority
- CN
- China
- Prior art keywords
- domain name
- information
- account
- password
- name information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The invention provides a detection method for leakage of an account password and an account password manager, wherein the method comprises the following steps: acquiring a blacklist domain name information list with account password leakage; acquiring all domain name information with the risk of leakage of account passwords in a local account password database according to the blacklist domain name information list; and displaying prompt information for prompting a user to modify the account and the password in a preset display mode, wherein the prompt information comprises all domain name information with risk of leakage of the account and the password. The method and the account password manager can solve the problem that in the related art, when the account password of a registered website of a user is leaked, if the corresponding account or password is not modified in time, the data security of the user on the website and even on other websites is often endangered, and therefore unnecessary loss is brought to the user.
Description
Technical Field
The invention relates to the technical field of networks, in particular to a detection method for leakage of an account password and an account password manager.
Background
At present, people usually register a large number of accounts and passwords in the process of using a network, however, when the account and the password of a website registered by a user are leaked, if the corresponding account or password is not modified in time, the data security of the user on the website and even on other websites is often endangered, and thus unnecessary loss is brought to the user.
Disclosure of Invention
The invention provides an account password leakage detection method and an account password manager, aiming at the defects of the prior art, and aiming at solving the problem that when an account password leakage occurs in a website registered by a user in the related art, if the user does not modify the corresponding account or password in time, the data security of the user on the website and even on other websites is often endangered, so that unnecessary loss is brought to the user.
In a first aspect, an embodiment of the present invention provides a method for detecting leakage of an account password, which is applied to an account password manager, and the method includes:
acquiring a blacklist domain name information list with account password leakage;
acquiring all domain name information with the risk of leakage of account passwords in a local account password database according to the blacklist domain name information list;
and displaying prompt information for prompting a user to modify the account and the password in a preset display mode, wherein the prompt information comprises all domain name information with risk of leakage of the account and the password.
Preferably, the obtaining of the blacklist domain name information list with the account password leakage specifically includes:
acquiring a blacklist domain name information list with account password leakage from a website blacklist database according to an account password leakage detection request of a user; alternatively, the first and second electrodes may be,
and periodically acquiring the blacklist domain name information list with the account password leakage from the website blacklist database.
Preferably, the local account password database includes domain name information, account information, password information and account password update dates of all websites registered by the user;
the obtaining of all domain name information with risk of disclosure of passwords of account numbers in a local account number password database according to the blacklist domain name information list specifically includes:
sequentially taking each blacklist domain name information in the blacklist domain name information list as current blacklist domain name information;
judging whether first domain name information identical to the current blacklist domain name information exists in the local account password database or not;
if yes, further judging whether the updating date of the account password corresponding to the first domain name information is earlier than or equal to the leakage date of the current blacklist domain name information;
and if the updating date of the account password corresponding to the first domain name information is earlier than or equal to the leakage date of the current blacklist domain name information, determining the first domain name information and second domain name information which has the same account information and password information as the first domain name information in the local account password database as the domain name information with the risk of leakage of the account password.
Preferably, the local account password database further includes account summary information generated according to the account information and password summary information generated according to the password information;
the determining, as domain information with risk of disclosure of the account password, the first domain information and second domain information in the local account password database, which has the same account information and password information as the first domain information, specifically includes:
and determining the first domain name information and second domain name information which has the same account number summary information and password summary information as the first domain name information in the local account number password database as the domain name information with the risk of account number password leakage.
Preferably, the local account password database further contains security levels and risk description information of all websites registered by the user;
after obtaining all the domain name information with the risk of disclosure of the account password in the local account password database according to the blacklist domain name information list, the method further comprises the following steps:
setting security levels corresponding to all domain name information with account password leakage risks in the local account password database as leakage risk levels;
and updating risk description information corresponding to all domain name information with risk of leakage of the account password in the local account password database.
Preferably, the prompt message further includes the risk description information;
before the displaying of the prompt information for prompting the user to modify the account and the password in the preset display mode, the method further includes:
acquiring domain name information with all security levels being leakage risk levels and corresponding risk description information from the local account password database;
and generating prompt information which sequentially comprises the domain name information with the security level as the leakage risk level and the corresponding risk description information.
Preferably, after the prompt information for prompting the user to modify the account and the password is displayed in the preset display mode, the method further includes:
when an account password updating event of a target website corresponding to the domain name information with the security level of leakage risk level is detected, if the updated account information and/or password information is different from the original account information and/or password information, modifying the corresponding security level to be non-risk level, and clearing the corresponding risk description information.
Preferably, the method further comprises:
when a registration event that a user registers in a certain website is detected, storing domain name information, currently registered account information, password information and registration time of the certain website into the local account password database; and the number of the first and second groups,
and when an account password updating event of the user to the certain website is detected, updating account information and/or password information corresponding to the domain name information of the certain website in the local account password database and the account password updating date.
In a second aspect, an embodiment of the present invention provides an account password manager, including:
the blacklist list acquisition module is used for acquiring a blacklist domain name information list with account password leakage;
the risk domain name acquisition module is connected with the blacklist list acquisition module and used for acquiring all domain name information with the risk of account password leakage in a local account password database according to the blacklist domain name information list;
and the account password modification reminding module is connected with the risk domain name acquisition module and is used for displaying prompt information for reminding a user of modifying the account and the password in a preset display mode, wherein the prompt information comprises all domain name information with risk of account password leakage.
In a third aspect, an embodiment of the present invention provides an account password manager, including a memory and a processor, where the memory stores a computer program, and the processor is configured to run the computer program to implement the method for detecting account password leakage according to the first aspect.
According to the account password leakage detection method and the account password manager provided by the embodiment of the invention, a blacklist domain name information list with account password leakage is obtained, all domain name information with account password leakage risks in a local account password database is obtained according to the blacklist domain name information list, and prompt information for prompting a user to modify an account and a password is displayed in a preset display mode, wherein the prompt information comprises all domain name information with account password leakage risks, so that the user can know which registered websites have account password leakage, the user can modify corresponding accounts or passwords aiming at the prompt information in time, and the problem that in the related technology, when the account password leakage occurs in a registered website of the user, if the user does not modify the corresponding account or password in time, the data security of the user on the website or even on other websites is often endangered, and unnecessary loss is brought to the user is solved.
Drawings
FIG. 1: the invention relates to a scene diagram of a detection method for leakage of an account password in an embodiment;
FIG. 2: a flow chart of a detection method for leakage of an account password in embodiment 1 of the present invention;
FIG. 3: is a schematic structural diagram of an account password manager in embodiment 2 of the present invention;
FIG. 4: a schematic structural diagram of an account password manager in embodiment 3 of the present invention.
Detailed Description
In order to make those skilled in the art better understand the technical solution of the present invention, the following detailed description will be made with reference to the accompanying drawings.
It is to be understood that the specific embodiments and figures described herein are merely illustrative of the invention and are not limiting of the invention.
It is to be understood that the embodiments and features of the embodiments can be combined with each other without conflict.
It is to be understood that, for the convenience of description, only parts related to the present invention are shown in the drawings of the present invention, and parts not related to the present invention are not shown in the drawings.
It should be understood that each unit and module related in the embodiments of the present invention may correspond to only one physical structure, may also be composed of multiple physical structures, or multiple units and modules may also be integrated into one physical structure.
It will be understood that, without conflict, the functions, steps, etc. noted in the flowchart and block diagrams of the present invention may occur in an order different from that noted in the figures.
It is to be understood that the flowchart and block diagrams of the present invention illustrate the architecture, functionality, and operation of possible implementations of systems, apparatus, devices and methods according to various embodiments of the present invention. Each block in the flowchart or block diagrams may represent a unit, module, segment, code, which comprises executable instructions for implementing the specified function(s). Furthermore, each block or combination of blocks in the block diagrams and flowchart illustrations can be implemented by hardware-based systems that perform the specified functions or by a combination of hardware and computer instructions.
It is to be understood that the units and modules involved in the embodiments of the present invention may be implemented by software, and may also be implemented by hardware, for example, the units and modules may be located in a processor.
In order to make those skilled in the art better understand the technical solutions in the embodiments of the present invention, a brief description will be given below of some technical terms involved in the embodiments of the present invention.
It should be noted that the scene diagram described in the embodiment of the present application is for more clearly illustrating the technical solution of the embodiment of the present application, and does not constitute a limitation to the technical solution provided in the embodiment of the present application, and as a person having ordinary skill in the art knows that along with the evolution of the network architecture and the appearance of a new service scenario, the technical solution provided in the embodiment of the present application is also applicable to similar technical problems.
As shown in fig. 1, a scene diagram of a method for detecting leakage of an account password according to an embodiment of the present application is provided, where each part is described as follows:
(1) The browser: generally refers to a browser running on a user's computer or cell phone.
(2) Website blacklist database: the database may be run on a remote server, and an administrator updates, in real time, domain name information of a website where an account password is revealed and a date of the revealed website according to information such as a security bulletin published on the internet, for example, the website blacklist database may include a blacklist data table for storing information about the website where the account password is revealed, for example, the structure of the blacklist table may be as shown in table 1:
table 1:
(3) An account password manager: the method generally refers to a browser plug-in or application program which is currently operated on a user computer or a mobile phone and has an account password recording function, and is responsible for monitoring websites which are currently visited by a browser user in real time, and updating information in a local account password database in time when a registration event of the user for a new website or an account password updating event for a registered website is detected. The account password manager is also used for managing information in the local account password database by inquiring blacklist domain name information in the website blacklist database, detecting through a series of comparison, acquiring all website information with account password leakage risks in the local account password database, and timely notifying a user to modify corresponding accounts and passwords according to a detection result.
(4) Local account number password database: the account password manager runs inside the account password manager and is used for recording information such as website domain names, accounts, passwords, account password updating dates and the like registered by users so as to be used by the account password manager. For example, the local account password database may include an account data table for storing information about all websites that the user has registered, for example, the account table structure may be as shown in table 2:
table 2:
based on the scene diagram shown in fig. 1, the following describes a related embodiment of the method for detecting account password leakage according to the present application.
Example 1:
the embodiment provides a method for detecting account password leakage, which is applied to an account password manager, and as shown in fig. 2, the method includes:
step S102: and acquiring a blacklist domain name information list with the leaked account password.
In this embodiment, the account password manager may obtain a blacklist domain name information list with an account password leakage from a website blacklist database according to an account password leakage detection request of a user, for example, when the user inputs a website in a browser and is about to access the website, the account password manager may display a popup to prompt the user whether the account password leakage detection needs to be performed, and if the user clicks to confirm, the account password manager may receive the account password leakage detection request of the user.
In this embodiment, the account password manager may also periodically obtain a blacklist domain name information list where the account password is leaked from the website blacklist database, where the blacklist domain name information list includes all blacklist domain name information where the account password is leaked, or when new blacklist domain name information is detected in the website blacklist database, the blacklist domain name information list may be sent to the account password manager, and at this time, the blacklist domain name information list only includes the new blacklist domain name information.
Step S104: and acquiring all domain name information with the risk of leakage of the account password in the local account password database according to the blacklist domain name information list.
In this embodiment, the local account password database may include domain name information, account information, password information, and update date of the account password of all websites that the user has registered. The account password manager is responsible for monitoring websites visited by a current user of the browser in real time, and when the account password manager detects a registration event that the user registers in a certain website, the account password manager stores domain name information, currently registered account information, password information and registration time of the certain website into a local account password database; and when detecting an account password updating event of a certain website by a user, updating account information and/or password information corresponding to the domain name information of the website in the local account password database and the account password updating date.
Optionally, the obtaining, according to the blacklist domain name information list, all domain name information in the local account password database, where there is a risk of revealing an account password, may specifically include:
sequentially taking each piece of blacklist domain name information in the blacklist domain name information list as current blacklist domain name information;
judging whether first domain name information identical to current blacklist domain name information exists in a local account password database or not;
if yes, further judging whether the updating date of the account password corresponding to the first domain name information is earlier than or equal to the leakage date of the current blacklist domain name information;
and if the updating date of the account password corresponding to the first domain name information is earlier than or equal to the leakage date of the current blacklist domain name information, determining the first domain name information and second domain name information which has the same account information and password information with the first domain name information in the local account password database as the domain name information with the risk of account password leakage.
In this embodiment, if the update date of the account password corresponding to the first domain name information is later than the disclosure date of the current blacklist domain name information, it indicates that the account password of the user is newly registered or modified after data disclosure occurs in the website, and there is no disclosure risk, otherwise, it indicates that there is an account password disclosure risk. In the process of setting or modifying the account password, the user often sets the same account or password on different websites for the convenience of memorizing, so that in order to avoid that the data security of the user on the website and other websites is endangered due to the leakage of the account password of a certain website, the user needs to modify the account password information of the website and other websites with the same account and password information as the website in time, namely, the account password manager determines the first domain name information and the second domain name information which has the same account information and password information as the first domain name information in the local account password database as the domain name information with the risk of leakage of the account password, so that the user can be reminded of modifying the account or password in a targeted manner in time.
In this embodiment, in order to facilitate protection of user information, the local account password database may further include account summary information generated according to the account information and password summary information generated according to the password information. If the account summary information corresponding to the two domain name information is the same, it indicates that the two domain name information have the same account information. Similarly, if the password digest information corresponding to the two domain name information is the same, it indicates that the two domain name information have the same password information, the account password manager may compare the account digest information and the password digest information of the first domain name information with the related information corresponding to the other domain name information in the local account password database, and if the two domain name information and the password digest information are the same, it indicates that the domain name information and the first domain name information have the same account information and password information.
In this embodiment, in order to facilitate recording and viewing, as shown in table 2, the local account password database may further include security levels and risk description information of all websites that the user has registered, and the security levels may be classified into a risk-free level and a leakage risk level. The account password manager can set security levels corresponding to all domain name information with risk of account password leakage in the local account password database as leakage risk levels, and update risk description information corresponding to all domain name information with risk of account password leakage in the local account password database. For example, if the domain name information of the current blacklist is abc.com, the first domain name information with the domain name abc.com exists in the local account password database, if the corresponding account information is user a and the password information is password da, the corresponding risk description information may be set to "data leakage occurs on a certain day of a month in a certain year in a website abc.com, and a password is required to be modified in time for ensuring the security of the account", if the account information exists in the local account password database and is user a and the password information is second domain name information of password da, that is def.com, the security level corresponding to def.com is set to be a leakage risk level, the corresponding risk description information may be set to "data leakage occurs on a certain day of a month in a certain year in a website abc.com, and a password identical to the website is used for ensuring the security of the account, and a password is required to be modified in time.
Step S106: and displaying prompt information for prompting a user to modify the account and the password in a preset display mode, wherein the prompt information comprises all domain name information with risk of leakage of the account and the password.
In this embodiment, the preset display mode may be a pop-up window or other display modes. The reminder information may also include corresponding risk description information. Specifically, the account password manager may first obtain all domain name information with a security level of leakage risk level and corresponding risk description information from the local account password database, and then generate prompt information sequentially including the domain name information with the security level of leakage risk level and the corresponding risk description information, so that the user can know which registered websites have account password leakage and need to modify the registered websites in time. Meanwhile, when the account and password manager detects an account and password updating event of a target website corresponding to domain name information with a security level of leakage risk level, if the updated account information and/or password information is different from the original account information and/or password information, the corresponding security level is modified to be a risk-free level, and corresponding risk description information is cleared.
In a specific embodiment, the website blacklist database includes a blacklist data table as shown in table 1, the local account password database includes an account data table as shown in table 2, and the flow of the account password manager performing account password leakage detection may include the following steps:
1) The account password manager reads a website record with account password leakage from a blacklist of a website blacklist database to obtain domain and date, for example, the domain name is abc.com;
2) The account password manager queries a domain field in an account password database account by taking abc.com as a keyword, and judges whether a user has website registration information with the domain name of abc.com;
3) If not, the user does not register the website, the risk of leakage of the account number and the password does not exist, and the step 1) is returned to continue to read the next record in the blacklist;
4) If so, further judging whether the date field value of the record is larger than the date field value in the blacklist, if so, indicating that the account password of the user is newly registered or modified after the data leakage occurs in the website, and returning to the step 1) to continuously read the next record in the blacklist;
5) Otherwise, the account number and the password of the user in the abc.com website are shown to have leakage risks, the content of the security level field level of the record in the account database is changed into leakage risks, the detail content is set as that the website abc.com has data leakage in a certain day of a certain month in a certain year, and the password is required to be modified in time for guaranteeing the safety of the account;
6) And further acquiring a userDiget and a passdDiget corresponding to the record in the account database, and re-querying fields of the userDiget and the passdDiget corresponding to all the records in the account database as query conditions. Finding out records with completely same contents (which shows that the user uses the account password same as abc.com on other sites, so that the risk of account leakage exists), updating the level field content of the records into leakage risk, setting the content of detail as 'website abc.com leaks data in a certain month in a certain year, and please modify the password in time for guaranteeing the account security';
7) Returning to the step 1) to continue the next record of the blacklist, and repeating the steps until the detection of all records in the blacklist is completed;
8) And finally, displaying all record site, user and detail fields with the level of 'leakage risk' in the database account to the user in batch in a list form, so that the user can modify the account password of the website with the leakage risk, recalculating the abstract of the user or password field after the user modifies the account number or password, and if the updated user digest or password digest is different from the original one, changing the level into 'no risk' and clearing the content of the detail field.
According to the detection method for the account password leakage, provided by the embodiment of the invention, a blacklist domain name information list with the account password leakage is obtained, all domain name information with the account password leakage risk in a local account password database is obtained according to the blacklist domain name information list, and prompt information for prompting a user to modify an account and a password is displayed in a preset display mode, wherein the prompt information comprises all domain name information with the account password leakage risk, so that the user can know which registered websites have the account password leakage, the user can modify corresponding accounts or passwords in time aiming at the prompt information, and the problem that when the account password leakage occurs in the registered websites of the user in the related technology, if the corresponding account or password is not modified in time, the data security of the user on the website and even on other websites is often endangered, and unnecessary loss is brought to the user is solved.
Example 2:
as shown in fig. 3, this embodiment provides an account password manager, which includes:
the blacklist list acquisition module 12 is configured to acquire a blacklist domain name information list where an account password is leaked;
a risk domain name acquisition module 14, connected to the blacklist list acquisition module 12, configured to acquire, according to the blacklist domain name information list, all domain name information in the local account password database, where there is a risk of account password leakage;
and the account password modification reminding module 16 is connected with the risk domain name acquisition module 14 and is used for displaying prompt information for reminding a user of modifying the account and the password in a preset display mode, wherein the prompt information comprises all domain name information with risk of account password leakage.
Optionally, the blacklist list obtaining module 12 is specifically configured to obtain a blacklist domain name information list with account password leakage from a website blacklist database according to an account password leakage detection request of a user; alternatively, the first and second electrodes may be,
the method is used for regularly acquiring a blacklist domain name information list with account password leakage from a website blacklist database.
Optionally, the local account password database includes domain name information, account information, password information, and account password update dates of all websites that the user has registered;
optionally, the risk domain name obtaining module 14 may specifically include:
the circulating unit is used for sequentially taking each piece of blacklist domain name information in the blacklist domain name information list as the current blacklist domain name information;
the first judgment unit is used for judging whether first domain name information which is the same as the current blacklist domain name information exists in the local account password database or not;
the second judging unit is used for further judging whether the updating date of the account password corresponding to the first domain name information is earlier than or equal to the leakage date of the current blacklist domain name information if the first domain name information exists;
and the determining unit is used for determining the first domain name information and second domain name information which has the same account number information and password information with the first domain name information in the local account number password database as the domain name information with the risk of account number password leakage if the update date of the account number password corresponding to the first domain name information is earlier than or equal to the leakage date of the current blacklist domain name information.
Optionally, the local account password database further includes account summary information generated according to the account information and password summary information generated according to the password information;
optionally, the determining unit is specifically configured to determine, if the update date of the account password corresponding to the first domain name information is earlier than or equal to the leakage date of the current blacklist domain name information, the first domain name information and second domain name information in the local account password database, which has the same account summary information and password summary information as the first domain name information, as the domain name information with the risk of leakage of the account password.
Optionally, the local account password database further includes security levels and risk description information of all websites registered by the user;
optionally, the method may further include:
the security level setting module is used for setting security levels corresponding to all domain name information with the risk of leakage of the account passwords in the local account password database as leakage risk levels;
and the risk description information updating module is used for updating risk description information corresponding to all domain name information with risk of leakage of the account passwords in the local account password database.
Optionally, the prompt information further includes risk description information;
optionally, the method may further include:
the risk information acquisition module is used for acquiring domain name information with all security levels as leakage risk levels and corresponding risk description information from a local account password database;
and the generating module is used for generating prompt information which sequentially comprises domain name information with a security level being a leakage risk level and corresponding risk description information.
Optionally, the method may further include:
and the risk information modification module is used for modifying the corresponding security level into a risk-free level and emptying the corresponding risk description information if the updated account information and/or password information is different from the original account information and/or password information when detecting an account password update event of the target website corresponding to the domain name information of which the security level is the leakage risk level.
Optionally, the method may further include:
the data storage module is used for storing domain name information, currently registered account information, password information and registration time of a certain website into a local account password database when a registration event that a user registers to the certain website is detected; and the number of the first and second groups,
and the database updating module is used for updating account information and/or password information corresponding to the domain name information of a certain website in the local account password database and the account password updating date when an account password updating event of the certain website by the user is detected.
Example 3:
as shown in fig. 4, the present embodiment provides an account password manager, which includes a memory 21 and a processor 22, where the memory 21 stores a computer program, and the processor 22 is configured to run the computer program to execute the method for detecting account password leakage in embodiment 1.
The memory 21 is connected to the processor 22, the memory 21 may be a flash memory, a read-only memory or other memories, and the processor 22 may be a central processing unit or a single chip microcomputer.
The account password manager provided in embodiments 2 to 3 obtains a blacklist domain name information list where an account password is leaked, obtains all domain name information where an account password is leaked in a local account password database according to the blacklist domain name information list, and displays prompt information for prompting a user to modify an account and a password in a preset display manner, where the prompt information includes all domain name information where an account password is leaked, so that the user can know which registered websites have the account password leaked, and the user can modify corresponding accounts or passwords in time according to the prompt information, thereby solving a problem that in related technologies, when an account password is leaked in a registered website of the user, if the user does not modify the corresponding account or password in time, data security of the user on the website or even on other websites is often compromised, and unnecessary loss is brought to the user.
It will be understood that the above embodiments are merely exemplary embodiments taken to illustrate the principles of the present invention, which is not limited thereto. It will be apparent to those skilled in the art that various modifications and improvements can be made without departing from the spirit and substance of the invention, and these modifications and improvements are also considered to be within the scope of the invention.
Claims (9)
1. A detection method for leakage of an account password is applied to an account password manager, and comprises the following steps:
acquiring a blacklist domain name information list with account password leakage;
acquiring all domain name information with the risk of leakage of account passwords in a local account password database according to the blacklist domain name information list;
displaying prompt information for prompting a user to modify an account and a password in a preset display mode, wherein the prompt information comprises all domain name information with risk of account password leakage;
wherein, the local account password database comprises domain name information, account information, password information and account password updating date of all websites which are registered by the user,
the obtaining of all domain name information with risk of disclosure of passwords of account numbers in a local account number password database according to the blacklist domain name information list specifically includes:
sequentially using each piece of blacklist domain name information in the blacklist domain name information list as current blacklist domain name information;
judging whether first domain name information identical to the current blacklist domain name information exists in the local account password database or not;
if yes, further judging whether the updating date of the account password corresponding to the first domain name information is earlier than or equal to the leakage date of the current blacklist domain name information;
and if the updating date of the account password corresponding to the first domain name information is earlier than or equal to the leakage date of the current blacklist domain name information, determining the first domain name information and second domain name information which has the same account information and password information as the first domain name information in the local account password database as the domain name information with the risk of leakage of the account password.
2. The method for detecting disclosure of an account password according to claim 1, wherein the obtaining of the blacklist domain name information list where the account password is disclosed specifically includes:
acquiring a blacklist domain name information list with account password leakage from a website blacklist database according to an account password leakage detection request of a user; alternatively, the first and second electrodes may be,
and periodically acquiring the blacklist domain name information list with the account password leakage from the website blacklist database.
3. The method for detecting account password leakage according to claim 1, wherein the local account password database further contains account summary information generated according to the account information and password summary information generated according to the password information;
the determining, as domain information with risk of disclosure of the account password, the first domain information and second domain information in the local account password database, which has the same account information and password information as the first domain information, specifically includes:
and determining the first domain name information and second domain name information which has the same account number summary information and password summary information as the first domain name information in the local account number password database as the domain name information with the risk of account number password leakage.
4. The method for detecting account password leakage according to any one of claims 1 to 3, wherein the local account password database further contains security level and risk description information of all websites in which the user has registered;
after obtaining all the domain name information with the risk of disclosure of the account password in the local account password database according to the blacklist domain name information list, the method further comprises the following steps:
setting security levels corresponding to all domain name information with account password leakage risks in the local account password database as leakage risk levels;
and updating risk description information corresponding to all domain name information with risk of leakage of the account password in the local account password database.
5. The account password leakage detection method according to claim 4, wherein the prompt message further includes the risk description message;
before the displaying of the prompt information for prompting the user to modify the account and the password in the preset display mode, the method further includes:
acquiring domain name information with all security levels being leakage risk levels and corresponding risk description information from the local account password database;
and generating prompt information which sequentially comprises the domain name information with the security level as the leakage risk level and the corresponding risk description information.
6. The method for detecting account password leakage according to claim 5, wherein after the prompt message for prompting the user to modify the account and the password is displayed in a preset display manner, the method further comprises:
when an account password updating event of a target website corresponding to the domain name information with the security level of leakage risk level is detected, if the updated account information and/or password information is different from the original account information and/or password information, modifying the corresponding security level to be non-risk level, and clearing the corresponding risk description information.
7. The method for detecting account password leakage according to any one of claims 1 to 3, further comprising:
when a registration event that a user registers in a certain website is detected, storing domain name information, currently registered account information, password information and registration time of the certain website into the local account password database; and the number of the first and second groups,
and when an account password updating event of the user to a certain website is detected, updating account information and/or password information corresponding to the domain name information of the certain website in the local account password database and an account password updating date.
8. An account password manager, comprising:
the blacklist list acquisition module is used for acquiring a blacklist domain name information list with account password leakage;
the risk domain name acquisition module is connected with the blacklist list acquisition module and used for acquiring all domain name information with the risk of account password leakage in a local account password database according to the blacklist domain name information list;
the account password modification reminding module is connected with the risk domain name acquisition module and used for displaying prompt information for reminding a user of modifying an account and a password in a preset display mode, wherein the prompt information comprises all domain name information with risk of account password leakage;
wherein, the local account password database comprises domain name information, account information, password information and account password updating date of all websites which are registered by the user,
the risk domain name acquisition module specifically executes the following steps:
sequentially using each piece of blacklist domain name information in the blacklist domain name information list as current blacklist domain name information;
judging whether first domain name information identical to the current blacklist domain name information exists in the local account password database or not;
if yes, further judging whether the updating date of the account password corresponding to the first domain name information is earlier than or equal to the leakage date of the current blacklist domain name information;
and if the updating date of the account password corresponding to the first domain name information is earlier than or equal to the leakage date of the current blacklist domain name information, determining the first domain name information and second domain name information which has the same account information and password information as the first domain name information in the local account password database as the domain name information with the risk of leakage of the account password.
9. An account password manager comprising a memory and a processor, wherein the memory stores a computer program, and the processor is configured to run the computer program to implement the method for detecting account password leakage according to any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110594434.9A CN113411315B (en) | 2021-05-28 | 2021-05-28 | Account password leakage detection method and account password manager |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110594434.9A CN113411315B (en) | 2021-05-28 | 2021-05-28 | Account password leakage detection method and account password manager |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113411315A CN113411315A (en) | 2021-09-17 |
| CN113411315B true CN113411315B (en) | 2022-10-28 |
Family
ID=77675252
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110594434.9A Active CN113411315B (en) | 2021-05-28 | 2021-05-28 | Account password leakage detection method and account password manager |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113411315B (en) |
Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107292160A (en) * | 2017-06-21 | 2017-10-24 | 福建中金在线信息科技有限公司 | The update method of account number cipher, more new system, electronic equipment and storage medium |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US10356125B2 (en) * | 2017-05-26 | 2019-07-16 | Vade Secure, Inc. | Devices, systems and computer-implemented methods for preventing password leakage in phishing attacks |
| CN109257356B (en) * | 2018-09-26 | 2020-12-25 | 杭州安恒信息技术股份有限公司 | Internet account risk assessment method and system |
-
2021
- 2021-05-28 CN CN202110594434.9A patent/CN113411315B/en active Active
Patent Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107292160A (en) * | 2017-06-21 | 2017-10-24 | 福建中金在线信息科技有限公司 | The update method of account number cipher, more new system, electronic equipment and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113411315A (en) | 2021-09-17 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US8544091B2 (en) | Advocate for facilitating verification for the online presence of an entity | |
| US10740411B2 (en) | Determining repeat website users via browser uniqueness tracking | |
| US9749153B2 (en) | User registration notification between different communication services | |
| JP2015506034A (en) | Method and apparatus for facilitating single sign-on service | |
| US9560040B1 (en) | Mitigating risk of account enumeration | |
| US9407592B2 (en) | Enabling mapping identification of online identities between different messaging services | |
| CN111770086B (en) | Fishing user simulation collection method, device, system and computer readable storage medium | |
| CN107770146B (en) | User data authority control method and device | |
| RU2354054C2 (en) | Method and device for device integrity detection | |
| WO2013173238A1 (en) | Electronic transaction notification system and method | |
| WO2019236391A1 (en) | System and method of creating provisional account profiles | |
| CN113411315B (en) | Account password leakage detection method and account password manager | |
| US20150140957A1 (en) | Prepaid phone card charging | |
| JP6813711B1 (en) | Fraud estimation system, fraud estimation method, and program | |
| CN108632348B (en) | Service checking method and device | |
| US20010056423A1 (en) | Membership management method and membership management system | |
| CN111127183A (en) | Data processing method, device, server and computer readable storage medium | |
| KR20000037207A (en) | Personal information control method of website | |
| CN106709353B (en) | Security detection method and device for search engine | |
| US9832309B2 (en) | Method and apparatus to detect a stale number | |
| CN118282942A (en) | Service distribution method, device, equipment and storage medium | |
| JP2006079419A (en) | Requirement notification system, server, method and program | |
| US20120023108A1 (en) | System to determine peer ranking of individual in a social network | |
| CN115934961A (en) | Method, device and equipment for constructing enterprise patent map and storage medium | |
| WO2015019361A1 (en) | A system and a method to retreive information of second degree network by utilizing first degree network |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |