1Password lets you check securely if your password has ever been hacked

Last week we talked about Pwned Passwords , the project that lists more than 500 million passwords that have once been part of a security breach , so that any company or organization can integrate it into their services and prevent users from using passwords that are too insecure .

Just that they have done in Agilebits , the creators of the popular password manager 1Password have integrated the database so that their users can verify if their passwords have ever been hacked .

1Password has taken advantage of the API of Pwned Passwords to integrate the verification of passwords compared with the 500 million available so far. This integration allows 1Password users to check if their password is part of those databases without sending them to any external server .

All in a safe way, because at no time is the complete password sent, not even the complete hash, only the first five characters, the hash of 40 to compare it with the Troy database.

How to use 1Password to verify if your password has been hacked

If you already have a 1Password account you only need to access from the web and enter your data to access the service. Only users with a manager’s membership can use this function:

  1. Open your “safe” (vault) with all the passwords and select an item to see the details
  2. Press Shift-Control-Option-C on Mac, or Shift + Ctrl + Alt + C on Windows to unlock the option
  3. Press the button to check the password that appears next to the password

If the password appears in the Pwned Passwords database, 1Password will tell you. This does not mean exactly that your password has been leaked, but it happened to someone with the same password. In any case, the recommendation is to change it .

1Password emphasizes that they would never have added the function if it was not secure, but thanks to the way Pwned Passwords works, it is possible to check the password without the user ever sending enough information neither to the Troy Hunt service nor to the 1Password itself so that it can be rebuilt .

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *