This week saw the release of a new service from security researcher Troy Hunt, Pwned Passwords, which lets you check your passwords against a database of more than 500 million passwords to see if any of yours are compromised. And though this tool was just released, the folks over at AgileBits have already integrated it into 1Password.com accounts for subscribers. With the click of a button, you can check to see if a particular password is in the database, letting you know if you need to change it.
Here's how you use 1Password's new Pwned Passwords integration.
A note on security
As AgileBits notes, sending your password off to be checked makes it inherently less secure. But working with Hunt and a team at Cloudflare, they have been able to devise a method of checking passwords without compromising their security. This is especially good news if your password is not in the database.
Here's how 1Password and Pwned Passwords keep your passwords secure when you go to check them:
First, 1Password hashes your password using SHA-1. But sending that full SHA-1 hash to the server would provide too much information and could allow someone to reconstruct your original password. Instead, Troy's new service only requires the first five characters of the 40-character hash.
To complete the process, the server sends back a list of leaked password hashes that start with those same five characters. 1Password then compares this list locally to see if it contains the full hash of your password. If there is a match then we know this password is known and should be changed.
How to use 1Password.com to see if your passwords are compromised
- Sign in to your 1Password.com account through your web browser of choice.
Click Open Vault on one of your vaults.
- Click on a vault item to see its details.
- On your Mac keyboard, enter Shift-Control-Option-C (don't use the hyphens), or Shift-Carl-Alt-C on Windows to activate the tool.
Hover your cursor over your password.
Click Check Password. You'll get the "Oops, this password was found" or "Not found, way to go. :)" depending one whether or not your password is in the database.
For the moment, you'll need to run a check on each vault item individually, as there is no batch password checking option. Also, note that this is only for 1Password.com memberships. But while this is the case right now, AgileBits plans on adding this integration into the Watchtower section of its 1Password apps so any compromised passwords you might have will be right there in the app for you to see.
Questions?
If you have any questions about using 1Password's new password checking tool, tell us in the comments.
We may earn a commission for purchases using our links. Learn more.
iOS gaming recap: PlayStation makes big moves into iOS, Streets of Rage 4
Besides some new games, a huge game maker discussed its plans to move into the mobile space, although it's unclear when. Here's what else you missed this week.
GRAMMY-winning music producer lauds his Mac Studio but still wants Mac Pro
GRAMMY-winning music producer Mike Dean, who has worked with the likes of Kanye, Selena Gomez, and Madonna has taken to Instagram to wax lyrical about his M1 Ultra Mac Studio while still lamenting the fact that he can't buy an Apple silicon Mac Pro.
Review: You really ought to check out Catalyst Black for iOS
Catalyst Black is an online multiplayer game that has teams compete against each other to score points and take down opponents. It has both sci-fi and fantasy elements since players can turn into large beasts to do additional damage.
Keep an eye on the front door with the best HomeKit video doorbells
HomeKit video doorbells are a great way to keep an eye on those precious packages at your front door. While there are just a few from which to choose, these are the best HomeKit options available.