clock menu more-arrow no yes mobile

Filed under:

1Password will alert you if your password has been leaked

New, 12 comments

The database has over 500 million passwords that have been compiled from previous breaches

1Password, the password managing app, has introduced a new proof-of-concept feature that alerts you when you use a compromised password. The feature integrates a new service that was released earlier this week by web security expert Troy Hunt called Pwned Passwords, which lets users check to see if a password they’re using has already been leaked onto the internet. The database has over 500 million passwords that have been compiled from previous breaches.

Starting today, anyone with a 1Password membership can use this service, which is integrated with Hunt’s database. To do so, just sign into your 1Password account, click on Open Vault, then select an item to view its details. If you’re on a Mac, press and hold Shift-Control-Option-C, or Shift+Ctrl+Alt+C if you’re using Windows, to unlock the proof-of-concept feature, then click on the “check password” button to see if your password matches up with any in Hunt’s database.

AgileBits, the company behind 1Password says that checking your password using this feature is safe. The company says it hashes your password using the SHA-1 (Secure Hash Algorithm 1) and sends the first five characters of the 40-character hash to Hunt’s service. Hunt’s server then sends back a list of leaked password hashes that start with those same five characters, and 1Password compares the list locally for a full match.

AgileBits notes that even if your password does reveal a match, it doesn’t necessarily mean your account has been breached, but someone else could have been using the same password. Regardless, AgileBits recommends users change their password if this happens. The company says it will add this feature to its Watchtower tool within 1Password apps in the future.

While maintaining long and unique passwords across your various accounts can be time-consuming, it’s certainly worth it, considering how susceptible companies are to data breaches. You’re most at risk if you’re using basic passwords or the same one across different websites. To be safe, make sure you use a password manager.