1Password now lets you see if your password has been leaked
If you have a 1Password membership, you can now check to see if your passwords have been compromised by data breaches and leaked on the internet. It’s just a proof of concept feature for now, but 1Password says that in future releases, it will be added to Watchtower within 1Password apps. The feature is an integration of Troy Hunt’s Pwned Passwords service that includes over 500 million leaked passwords.
To use the proof of concept feature now, sign into your account on 1Password.com and click Open Vault. Click on an item in the vault, then Shift-Control-Option-C or Shift+Ctrl+Alt+C depending on your operating system. That unlocks the proof of concept and allows you to click the “Check Password” button next to your password. You can see in the video below what happens next. If your password matches one in Pwned Passwords, 1Password will let you know. If it doesn’t, 1Password will tell that you’re all good. We want to note that if your password matches one in the database, it doesn’t necessarily mean it was part of a data breach. Someone else could’ve been using your same password, but in either case, you should change it.
The good thing about this feature is that it doesn’t compromise the password you’re checking on by sending it out to Pwned Passwords or to 1Password. When checking a password, 1Password hashes it and sends only part of that hash to Pwned Passwords. Any password hashes with the same first few characters as yours are sent to 1Password and are then compared to your full hash locally.
You can read more about Pwned Passwords here.
(33)