The breach aggregator Have I Been Pwned, one of the most popular tools to test the real-world strength of passwords, made two significant announcements on Friday: A collaboration with the FBI to obtain new, hacked passwords, and contributing some of its code-base to the open-source community.
Have I Been Pwned has two main features. The first, and the site's namesake, allows people to check if their login information is included in breached data archives circling the dark web. But a second feature allows users to check how often a given password has been found in the dataset - testing the strength of a password against dictionary-style brute force attacks. The later feature, "Pwned Passwords," will be at the center of both the FBI's involvement with the site and with the open-source initiative.