Very Soon You Will Be Capable to Authenticate with Have I Been Pwned (but Not Access, Sign On, or Connect)

AndyC 24 April 2025

24 April 2025

How do seemingly minor tasks manage to occupy so much time?

You'll Soon Be Able to Sign in to Have I Been Pwned (but Not Login, Log in or Log On)

24 April 2025

How do seemingly minor tasks manage to occupy so much time?! This week a proposal surfaced suggesting that instead of being capable of accessing the new HIBP website, you should, alternatively, be allowed to log in. Initially, this brought about some confusion since I’ve been accustomed to logging on to applications for decades:

Therefore, I proceeded and signed in (yes, once more) to X and consulted with numerous individuals to determine the correct phrase:

As this did not provide a definitive winner, I commenced surveying various sources.

Cloudflare’s Zero Trust documents encompass details about customizing the access page, which presumably can be done after you authenticate:

Another, um, “in-demand” platform prompts you to sign in:

Upon completing the initial procedure, you are encouraged to authenticate:

You have the option to sign on to Canva, clearly indicated by the HTML title, which implies that you are on the access page:

You may access the Commonwealth Bank website here in Australia:

However, to gain entry to the login page for ANZ bank, you must authenticate, unless you have misplaced your login credentials:

Ah, but many of these distinctions stem from the contrast between the noun “login” (the page is an object) and the verb “log in” (when you carry out an activity), correct? Well… it depends on your banking establishment 🤷‍♂️

And there’s also the possibility that you neither access nor log on at all:

Finally, amidst the darkness of seemingly interchangeable terms that may or may not contradict English language standards, a trend emerged. You also authenticate with Google:

As well as Microsoft:

And Amazon:

And Yahoo:

And, as previously mentioned, X:

And now, Have I Been Pwned:

There are some standout exceptions (like Facebook and ChatGPT, for instance), but “sign in” did emerge as the top choice among the most visited sites worldwide. On deeper reflection, “log[whatever]” seems to suggest something different from how we currently authenticate to systems and may be a holdover from the past. Nonetheless, this argument is likely no more meaningful than the distinction between performing an action or interacting with an object.

Have I Been Pwned
UX
Tweet
Post
Update
Email
RSS

Hi, I’m Troy Hunt, I write this blog, create courses for Pluralsight and am a Microsoft Regional Director and MVP who travels the world speaking at events and training technology professionals

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts

Tags: , , , , , , , , , ,

More Stories

CLOP targets Gladinet CentreStack servers in large-scale extortion campaign

CLOP targets Gladinet CentreStack servers in large-scale extortion campaign

AndyC 20 December 2025
ASRock, ASUS, GIGABYTE, MSI Boards vulnerable to pre-boot memory attacks

ASRock, ASUS, GIGABYTE, MSI Boards vulnerable to pre-boot memory attacks

AndyC 20 December 2025
China-linked APT UAT-9686 is targeting Cisco Secure Email Gateway and Secure Email and Web Manager

China-linked APT UAT-9686 is targeting Cisco Secure Email Gateway and Secure Email and Web Manager

AndyC 20 December 2025
Hewlett Packard Enterprise (HPE) fixed maximum severity OneView flaw

Hewlett Packard Enterprise (HPE) fixed maximum severity OneView flaw

AndyC 19 December 2025
DIG AI: Uncensored Darknet AI Assistant at the Service of Criminals and Terrorists

DIG AI: Uncensored Darknet AI Assistant at the Service of Criminals and Terrorists

AndyC 19 December 2025
U.S. CISA adds Cisco, SonicWall, and ASUS flaws to its Known Exploited Vulnerabilities catalog

U.S. CISA adds Cisco, SonicWall, and ASUS flaws to its Known Exploited Vulnerabilities catalog

AndyC 19 December 2025

You may have missed

4 Pillars of Network Risk Reduction: A Guide to Network Security Risk Management

NCC Group Taps Qualys to Extend Managed Security Service into Shadow IT Realm

AndyC 20 December 2025
4 Pillars of Network Risk Reduction: A Guide to Network Security Risk Management

NCC Group Taps Qualys to Extend Managed Security Service into Shadow IT Realm

AndyC 20 December 2025
4 Pillars of Network Risk Reduction: A Guide to Network Security Risk Management

NCC Group Taps Qualys to Extend Managed Security Service into Shadow IT Realm

AndyC 20 December 2025
4 Pillars of Network Risk Reduction: A Guide to Network Security Risk Management

NCC Group Taps Qualys to Extend Managed Security Service into Shadow IT Realm

AndyC 20 December 2025
4 Pillars of Network Risk Reduction: A Guide to Network Security Risk Management

NCC Group Taps Qualys to Extend Managed Security Service into Shadow IT Realm

AndyC 20 December 2025

Subscribe To InfoSec Today News

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

World Wide Crypto will use the information you provide on this form to be in touch with you and to provide updates and marketing.