1Password can now check to see if your passwords have been leaked online

[Shawn Knight]

Security researcher Troy Hunt recently launched a new service called Pwned Passwords that makes it easy to see if your passwords have been leaked on the Internet. The team over at AgileBits Inc. liked the idea so much that they’ve created a proof of concept that integrates the service into their popular password manager, 1Password.

The proof of concept is available right now for anyone with a 1Password membership. To give it a whirl, first sign into your 1Password account, then click Open Vault. From there, you’ll want to enter the following sequence – Shift-Control-Option-C (or Shift+Ctrl+Alt+C on Windows) – to unlock the proof of concept.

It’s worth noting that even if you get a positive hit on a password, it doesn’t necessarily mean the associated account was breached. It’s possible that someone else could have been using the same password which of course indicates that your password wasn’t very strong.

Also of note is the fact that this service works without revealing your password to a third party.

Thankfully, Troy Hunt and his friends from Cloudflare found a brilliant way to check if my password is leaked without ever needing to send my password to their service. Their server never receives enough information to reconstruct my password.

First, 1Password hashes your password using SHA-1. But sending that full SHA-1 hash to the server would provide too much information and could allow someone to reconstruct your original password. Instead, Troy’s new service only requires the first five characters of the 40-character hash.

Additional details on the technical aspects of the checker can be found over on AgileBits’ blog.

The company said it plans to integrate the functionality into the Watchtower section of 1Password apps down the line.

Permalink to story.

https://www.techspot.com/news/73421-1password-can-now-check-see-if-passwords-have.html

 

[QuaZulu]

Lol. Nothing like "contra code" to test this thing out.

 

[seeprime]

This seems counter-intuitive to me. Why would I go online and give my password out for any reason? I see this as a great way to freely provide your password to a site that likely is under constant attack and waiting to be hacked. I'll keep my passwords to myself. Thanks.

 

[tipstir]

No this doesn't make sense to for me to do sorry I've opt out of showing m password.

 

[NightAngel79]

This seems counter-intuitive to me. Why would I go online and give my password out for any reason? I see this as a great way to freely provide your password to a site that likely is under constant attack and waiting to be hacked. I'll keep my passwords to myself. Thanks.

So you didn't actually read the article then huh?

 

[jwdR1]

...and leaks it if not...

 

[Uncle Al]

Wonder how many days before it is reveled that this application now only checks but also widely distributes your passwords?

 

[seeprime]

So you didn't actually read the article then huh?

I read it and don't trust any service like this. My paranoia serves me well.

 

[DelJo63]

I read the article BUT
I giggle when I hear "Trust ME" to protect you. Norton had such a service and reportedly would not let your bank accounts or SSN to leave your system - - just enter the critical data into the protected data screen.

I too am paranoid on this kind of stuff - - if I NEVER provide that kind of data, then it can't leave the system or be stolen, can it!

 

[Trillionsin]

So you didn't actually read the article then huh?

I read it and don't trust any service like this. My paranoia serves me well.

Good.

Even in the article it says "first sign into your 1Password account" if you password manager has an account associated OUTSIDE of your own PC, then you should still be. Now I'm not an expert, nor have I ever used a password manager. Seems like putting all your eggs in one basket to me, but maybe they are only stored on your PC? If so, your PC can still get "hacked" and have a 3rd party access it. If they see a password manager, well that's a target now isnt it? lol

(I too am paranoid with this kind of stuff, reasonably or not.)

 

[DCfam2k]

So you didn't actually read the article then huh?

I read it and don't trust any service like this. My paranoia serves me well.

Good.

Even in the article it says "first sign into your 1Password account" if you password manager has an account associated OUTSIDE of your own PC, then you should still be. Now I'm not an expert, nor have I ever used a password manager. Seems like putting all your eggs in one basket to me, but maybe they are only stored on your PC? If so, your PC can still get "hacked" and have a 3rd party access it. If they see a password manager, well that's a target now isnt it? lol

(I too am paranoid with this kind of stuff, reasonably or not.)

After reading thier "Article "catching my eye." I came to same conclusion as most of you. how ever this is the digital age ya'll definetly shouldn't have live like that this first ones a semi cake walk. By using LastPass 12$ yearly service, along w a partiong bootable USB software, you can make an encrypted USB drive where your Vault Passwords stay alotmore secure than they would. Nice simple guide check it --> ok couldn't find it again my bad tried for 20mins. I promise you tho it's fairly easy to comprehend this forum goes into security http://www.tomsguide.com/answers/id-3464469/security-setup-good.html it basically comes down to knowsing your system an understanding your network equally as best you can. amazon gots this usbs drives with key remotes your passwords encrypted one put in log in ife you start off at this site your find "LARGE" verity https://www.amazon.com/dp/B00NLKA0D8/?tag=httpwwwtechsp-20 . hope that helps