This week saw the release of a new service from security researcher Troy Hunt, Pwned Passwords, which lets you check your passwords against a database of more than 500 million passwords to see if any of yours are compromised. And though this tool was just released, the folks over at AgileBits have already integrated it into 1Password.com accounts for subscribers. With the click of a button, you can check to see if a particular password is in the database, letting you know if you need to change it.
Here's how you use 1Password's new Pwned Passwords integration.
A note on security
As AgileBits notes, sending your password off to be checked makes it inherently less secure. But working with Hunt and a team at Cloudflare, they have been able to devise a method of checking passwords without compromising their security. This is especially good news if your password is not in the database.
Here's how 1Password and Pwned Passwords keep your passwords secure when you go to check them:
First, 1Password hashes your password using SHA-1. But sending that full SHA-1 hash to the server would provide too much information and could allow someone to reconstruct your original password. Instead, Troy's new service only requires the first five characters of the 40-character hash.
To complete the process, the server sends back a list of leaked password hashes that start with those same five characters. 1Password then compares this list locally to see if it contains the full hash of your password. If there is a match then we know this password is known and should be changed.
How to use 1Password.com to see if your passwords are compromised
- Sign in to your 1Password.com account through your web browser of choice.
Click Open Vault on one of your vaults.
- Click on a vault item to see its details.
- On your Mac keyboard, enter Shift-Control-Option-C (don't use the hyphens), or Shift-Carl-Alt-C on Windows to activate the tool.
Hover your cursor over your password.
Click Check Password. You'll get the "Oops, this password was found" or "Not found, way to go. :)" depending one whether or not your password is in the database.
For the moment, you'll need to run a check on each vault item individually, as there is no batch password checking option. Also, note that this is only for 1Password.com memberships. But while this is the case right now, AgileBits plans on adding this integration into the Watchtower section of its 1Password apps so any compromised passwords you might have will be right there in the app for you to see.
Questions?
If you have any questions about using 1Password's new password checking tool, tell us in the comments.
We may earn a commission for purchases using our links. Learn more.
Caviar unveils outrageous 'Apple Tree wood' iPad that costs $185,000
Caviar, maker of all things expensive and Apple, have unveiled a new range of Apple products made from Apple tree wood, decked with gold and diamonds, the most expensive item of which is an iPad Pro that costs $185,000.
The definitive ranking of every Legend of Zelda game
The Legend of Zelda franchise has some of the most memorable games of all time, but after such a long life in the industry, some have stood out more than others. Here's our list of every Legend of Zelda game ranked.
Apple Watch ECG finally coming to Australia
Apple has finally had its ECG for Apple Watch approved in Australia, meaning the introduction of the feature is imminent.
These HomeKit cameras work with iOS14's Face Recognition and Activity Zones
iOS 14 brings some powerful new capabilities to HomeKit Secure Video-enabled cameras like Face Recognition and Activity Zones. Here's all of the cameras and doorbells that support the latest and greatest HomeKit features.