
Canadian 1Password integrates ‘Pwned Passwords V2,’ now checks against 500 million passwords

The feature is a proof-of-concept available to 1Password members

Canadian password management service 1Password has integrated a new feature intended to inform users if their passwords have leaked online.

Using Troy Hunt’s Pwned Passwords V2 database, the 1Password feature is a proof-of-concept available to members that allows them to check their passwords to see if they’ve appeared in a previous cybersecurity incident.

Troy Hunt is an Australian cyber security expert. His Have I Been Pwned? website was designed to alert users if their email addresses were included in a list of known breached sites.

Hunt first launched the Pwned Passwords database in August 2017, with 320 million passwords collected from different breaches around the world. As of February 22, 2018, Pwned Passwords contains precisely 501,636,842 passwords.

AgileBits integrated the Pwned Passwords database into 1Password.com because they were intrigued by the possibilities of being able to use a password manager to check to see if passwords are common or uncommon.

“If your password is found, it doesn’t necessarily mean that your account was breached,” reads an excerpt from a February 22nd, 2018 AgileBits blog post. “Someone else could have been using the same password. Either way, we recommend you change your password.”

As of right now, the feature is only available on 1Password.com, but AgileBits says that the feature will be integrated into a future release of the 1Password mobile app.

“As cool as this new feature is, we would never add it to 1Password unless it was private and secure,” reads an excerpt from an AgileBits blog post.

AgileBits also clarified that password data is never sent to Troy Hunt’s Pwned Passwords server, meaning that users don’t need to worry about their creative, original passwords getting catalogued for potential use.

“Instead, Troy’s new service only requires the first five characters of the 40-character hash,” reads an excerpt from the AgileBits blog. “To complete the process, the server sends back a list of leaked password hashes that start with those same five characters.”

1Password then compares the list on its own servers and informs users if there’s a match.
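The prefix lookup described above, sketched as an added example (not code from 1Password or Troy Hunt). It assumes the 40-character hash is a hex SHA-1 digest; the four-password corpus is constructed, and the function names are hypothetical.

```python
import hashlib

# Constructed stand-in for the leaked-password database (the real one is far larger).
LEAKED_SAMPLE = ["password", "123456", "qwerty", "letmein"]


def sha1_hex(password: str) -> str:
    """40-character hex SHA-1 of the password, uppercased for comparison."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_index(passwords):
    """Server side (simulated): group full hashes under their 5-character prefix."""
    index = {}
    for pw in passwords:
        digest = sha1_hex(pw)
        index.setdefault(digest[:5], []).append(digest)
    return index


def range_query(index, prefix: str):
    """Server side (simulated): receives only a prefix, returns every hash sharing it."""
    if len(prefix) != 5 or any(c not in "0123456789ABCDEF" for c in prefix):
        raise ValueError("prefix must be exactly 5 uppercase hex characters")
    return list(index.get(prefix, []))


def check_password(password: str, index):
    """Checking side: send 5 characters, then match the full hash against the reply.

    Returns (prefix_sent, found) so the caller can see exactly what was transmitted.
    """
    digest = sha1_hex(password)
    prefix = digest[:5]                       # the only value transmitted
    candidates = range_query(index, prefix)   # hashes that start with the same prefix
    return prefix, digest in candidates


if __name__ == "__main__":
    index = build_index(LEAKED_SAMPLE)
    for pw in ["password", "vT9#unlikely-sample-passphrase"]:
        sent, found = check_password(pw, index)
        print(f"sent={sent} leaked={found}")
```

The lookup service never receives more than the five-character prefix, so it cannot tell which of the hashes in its reply, if any, belongs to the password being checked.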

Source: AgileBits, Troy Hunt
