Popular password management service 1Password has added a feature to check whether or not a password they’d like to use has already been breached. The “pwned” feature makes use of data from “Pnwed Passwords,” a service launched last summer.
1Password makes use of Pnwed Passwords, a service launched by Troy Hunt last summer. The service was updated this month with more password data and now contains around half a billion downloadable passwords. The information was collected by Hunt from the various online dumps from the numerous data breaches over the last few years. The passwords in the database have been hashed with SHA-1.
Hunt’s Have I Been Pwned? website lets users sign up to informed if and when their email address appears in a data breach. Users who made use of that service had asked for a service to check to see if a particular password had been breached, resulting in the Pwned Passwords service.
Currently, the feature is available only on the 1Password website, but AgileBits says the feature is on its way to the app.
To check your passwords:
- Sign in to your account on 1Password.com.
- Click Open Vault to view the items in a vault, then click an item to see its details.
- Enter the magic keyboard sequence Shift-Control-Option-C (or Shift+Ctrl+Alt+C on Windows) to unlock the proof of concept.
- Click the Check Password button that appears next to your password.
Clicking the Check Password button will call out to Troy’s service and let you know if your password exists in his database. If your password is found, it doesn’t necessarily mean that your account was breached. Someone else could have been using the same password. Either way, we recommend you change your password.
In future releases we’ll be adding this to Watchtower within the 1Password apps, so you can see your pwned passwords right in the 1Password app you use every day.