1Password Adds Password Checker Pwned Passwords
Anyone aware of the poor track record companies like Equifax or Kickstarter have when dealing with sensitive information is probably curious as to the strength of their passwords. Passwords made via random generation are generally more secure than passwords you invent yourself (looking at you, “abc123”). Now you can check to see whether or not your password is part of a growing list of leaked passwords using 1Password, which just integrated the cracked password database Pwned Passwords into its app.
Troy Hunt is the developer of Have I Been Pwned, a free site that lets users enter their email address and compare it to a database of compromised accounts. Remember when Kickstarter and Bit.ly were compromised a few years back? Well you can use Have I Been Pwned to see if your account was among the list of breached accounts. With Pwned Passwords, you can check the strength and popularity of other passwords you use and compare it to a database of over 500 million publicly available passwords, passwords associated with compromised accounts.
To start using Pwned Passwords in 1Password, you’ll need to enable the feature by logging into your account on 1Password’s site. Select a login item and hit Shift-Control-Option-C if you’re on a macOS computer, or Shift-Ctrl-Alt-C on Windows. Then you’ll see the “Check Password” option, which will let you know whether or not that password is present in the Pwned Passwords database.
If yours is found in the database, it’s much more likely to be compromised compared to one not in Pwned Password’s list of cracked passwords. Hackers employ methods like “credential stuffing” which uses databases of username and password pairs to quickly find accounts that can be easily breached. If your string of characters isn’t randomly generated using a password manager like 1Password, you should use Pwned Passwords to verify the strength of your current selection (and then change it anyway).