This week saw the release of a new service from security researcher Troy Hunt, Pwned Passwords, which lets you check your passwords against a database of more than 500 million passwords to see if any of yours are compromised. And though this tool was just released, the folks over at AgileBits have already integrated it into 1Password.com accounts for subscribers. With the click of a button, you can check to see if a particular password is in the database, letting you know if you need to change it.
Here's how you use 1Password's new Pwned Passwords integration.
A note on security
As AgileBits notes, sending your password off to be checked makes it inherently less secure. But working with Hunt and a team at Cloudflare, they have been able to devise a method of checking passwords without compromising their security. This is especially good news if your password is not in the database.
Here's how 1Password and Pwned Passwords keep your passwords secure when you go to check them:
First, 1Password hashes your password using SHA-1. But sending that full SHA-1 hash to the server would provide too much information and could allow someone to reconstruct your original password. Instead, Troy's new service only requires the first five characters of the 40-character hash.
To complete the process, the server sends back a list of leaked password hashes that start with those same five characters. 1Password then compares this list locally to see if it contains the full hash of your password. If there is a match then we know this password is known and should be changed.
How to use 1Password.com to see if your passwords are compromised
- Sign in to your 1Password.com account through your web browser of choice.
Click Open Vault on one of your vaults.
- Click on a vault item to see its details.
- On your Mac keyboard, enter Shift-Control-Option-C (don't use the hyphens), or Shift-Carl-Alt-C on Windows to activate the tool.
Hover your cursor over your password.
Click Check Password. You'll get the "Oops, this password was found" or "Not found, way to go. :)" depending one whether or not your password is in the database.
For the moment, you'll need to run a check on each vault item individually, as there is no batch password checking option. Also, note that this is only for 1Password.com memberships. But while this is the case right now, AgileBits plans on adding this integration into the Watchtower section of its 1Password apps so any compromised passwords you might have will be right there in the app for you to see.
Questions?
If you have any questions about using 1Password's new password checking tool, tell us in the comments.
We may earn a commission for purchases using our links. Learn more.
Review: Papalook PA930 Live Streaming Webcam upgrades your video
You don't have to settle for the dim, blurry images captured by your computer's webcam. Upgrade your streaming content with Papalook's latest webcam.
Jonas Brothers promoting Apple Music's Dolby Atmos with 'Happiness Begins'
Apple Music continues to grow its collection of songs that feature Spatial Audio with Dolby Atmos, this time with Jonas Brothers and Happiness Begins.
AppleCare+ just got cheaper for the M1 MacBook Air and MacBook Pro
Apple has reduced the amount of money customers have to pay to sign up for AppleCare+ for M1 MacBook Air and MacBook Pro machines.
Protect your home with the best HomeKit security systems
Whether you go DIY or opt for professional monitoring, the best HomeKit security systems provide protection and peace of mind. These are the best of the best!