1. TechSpot is dedicated to computer enthusiasts and power users. Ask a question and give support. Join the community here.
    TechSpot is dedicated to computer enthusiasts and power users.
    Ask a question and give support.
    Join the community here, it only takes a minute.
    Dismiss Notice

1Password can now check to see if your passwords have been leaked online

By Shawn Knight ยท 10 replies
Feb 23, 2018
Post New Reply
  1. Security researcher Troy Hunt recently launched a new service called Pwned Passwords that makes it easy to see if your passwords have been leaked on the Internet. The team over at AgileBits Inc. liked the idea so much that they’ve created a proof of concept that integrates the service into their popular password manager, 1Password.

    The proof of concept is available right now for anyone with a 1Password membership. To give it a whirl, first sign into your 1Password account, then click Open Vault. From there, you’ll want to enter the following sequence – Shift-Control-Option-C (or Shift+Ctrl+Alt+C on Windows) – to unlock the proof of concept.

    It’s worth noting that even if you get a positive hit on a password, it doesn’t necessarily mean the associated account was breached. It’s possible that someone else could have been using the same password which of course indicates that your password wasn’t very strong.

    Also of note is the fact that this service works without revealing your password to a third party.

    Thankfully, Troy Hunt and his friends from Cloudflare found a brilliant way to check if my password is leaked without ever needing to send my password to their service. Their server never receives enough information to reconstruct my password.

    First, 1Password hashes your password using SHA-1. But sending that full SHA-1 hash to the server would provide too much information and could allow someone to reconstruct your original password. Instead, Troy’s new service only requires the first five characters of the 40-character hash.

    Additional details on the technical aspects of the checker can be found over on AgileBits’ blog.

    The company said it plans to integrate the functionality into the Watchtower section of 1Password apps down the line.

    Permalink to story.

     
  2. QuaZulu

    QuaZulu TS Enthusiast Posts: 65   +10

    Lol. Nothing like "contra code" to test this thing out.
     
  3. seeprime

    seeprime TS Guru Posts: 268   +257

    This seems counter-intuitive to me. Why would I go online and give my password out for any reason? I see this as a great way to freely provide your password to a site that likely is under constant attack and waiting to be hacked. I'll keep my passwords to myself. Thanks.
     
    DaveBG likes this.
  4. tipstir

    tipstir TS Ambassador Posts: 2,832   +191

    No this doesn't make sense to for me to do sorry I've opt out of showing m password.
     
  5. NightAngel79

    NightAngel79 TS Addict Posts: 197   +51

    So you didn't actually read the article then huh? ;)
     
  6. jwdR1

    jwdR1 TS Enthusiast Posts: 40   +29

    ...and leaks it if not...:)
     
    DaveBG likes this.
  7. Uncle Al

    Uncle Al TS Evangelist Posts: 4,432   +2,888

    Wonder how many days before it is reveled that this application now only checks but also widely distributes your passwords?
     
    DaveBG and DCfam2k like this.
  8. seeprime

    seeprime TS Guru Posts: 268   +257

    I read it and don't trust any service like this. My paranoia serves me well.
     
    NightAngel79 and DCfam2k like this.
  9. jobeard

    jobeard TS Ambassador Posts: 12,366   +1,390

    I read the article BUT
    I giggle when I hear "Trust ME" to protect you. Norton had such a service and reportedly would not let your bank accounts or SSN to leave your system - - just enter the critical data into the protected data screen.

    I too am paranoid on this kind of stuff - - if I NEVER provide that kind of data, then it can't leave the system or be stolen, can it!
     
    DCfam2k and seeprime like this.
  10. Trillionsin

    Trillionsin TS Evangelist Posts: 1,743   +360

    Good.

    Even in the article it says "first sign into your 1Password account" if you password manager has an account associated OUTSIDE of your own PC, then you should still be. Now I'm not an expert, nor have I ever used a password manager. Seems like putting all your eggs in one basket to me, but maybe they are only stored on your PC? If so, your PC can still get "hacked" and have a 3rd party access it. If they see a password manager, well that's a target now isnt it? lol

    (I too am paranoid with this kind of stuff, reasonably or not.)
     
    DCfam2k and seeprime like this.
  11. DCfam2k

    DCfam2k TS Rookie



    After reading thier "Article "catching my eye." I came to same conclusion as most of you. how ever this is the digital age ya'll definetly shouldn't have live like that this first ones a semi cake walk. By using LastPass 12$ yearly service, along w a partiong bootable USB software, you can make an encrypted USB drive where your Vault Passwords stay alotmore secure than they would. Nice simple guide check it --> ok couldn't find it again my bad tried for 20mins. I promise you tho it's fairly easy to comprehend this forum goes into security http://www.tomsguide.com/answers/id-3464469/security-setup-good.html it basically comes down to knowsing your system an understanding your network equally as best you can. amazon gots this usbs drives with key remotes your passwords encrypted one put in log in ife you start off at this site your find "LARGE" verity https://www.amazon.com/dp/B00NLKA0D8/?tag=httpwwwtechsp-20 . hope that helps
     
    NightAngel79 likes this.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...