Use 1Password’ ‘pwned password’ to verify if your password was leaked

1Password’s “pwned password” will check your password on the list of leaked passwords in previous or unannounced data breaches.

You must have heard about the various mega breaches like the ones experienced by MySpace, LinkedIn, Dropbox, YahooInstagram or the one we reported yesterday in which 3,000 databases with 2 million accounts have been found on Dark Web and the repercussions faced by the users. If you also had an account at one such service then you can expect hackers to take control of your account, whether you like it or not. And, if the same password is used to access multiple accounts at different platforms then you will be locked out of accessing all your accounts.

But there are situations when the user has no clue at all about the password being stolen and companies often take years to notify users about a data breach or never inform the affected users. What are your chances then of finding it out whether your password has been stolen or not?

The first solution that comes to mind in such a scenario is to check out security expert Troy Hunt’s HaveIBeenPwned website, which was launched last year and serves as a database listing all the breaches. However, now you have another option in the form of 1Password. This is an amazing service that makes it a lot easier to check and find out if your password has been hacked and registered users will be notified to change their password if it is no more secure. The website works by integrating half a billion of dumped credentials featured on Hunt’s Pwned into 1Password’s database.

1Password can be accessed by opening your password vault. You need to click on any of your credentials and press Shift+Control+Option+C and if using Windows OS press Shift+Ctrl+Alt+C and then click on Check Password button that will be present right next to your password. As soon as you click on Check Password, you will get to know if the password is listed on Hunt’s HaveIBeenPwned database.

The basic idea behind this service, explained Hunt, is to help users in independently verifying if their password has been hacked or not and if they should use it or not. “Mind you, someone could actually have an exceptionally good password but if the website stored it in plain text then leaked it, that password has still been ‘burned’,” wrote Hunt.

According to 1Passwor’d blog post, one of its key features is to let users check that the password they want to use is already breached or not and if it is compromised then 1Password will inform the user to pick another one. Additionally, it has the standard password strength indicator bar that lets web used improve their security practices.

Then there is Pwnage check that further minimizes the risk of password reuse since it verifies if the specific password has already been part of previous data breaches. The Pwned passwords, which are hashed with SHA-1, are being used to facilitate this feature. Pwned passwords are also available in downloadable, plain text format and queryable through an API, which prevents the sharing of complete passwords with third parties.

The service is now available to everyone who has a 1Password membership. All you need to do to check your password is to sign in to your account by visiting 1Password.com.

Here is how it works

Image Credit: PixaBay

Waqas

Waqas Amir is a Milan-based cybersecurity journalist with a passion for covering latest happenings in cyber security and tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.