1Password, the password management application, has introduced a new proof-of-concept feature that alerts you when you use a compromised password. The feature integrates a new service that was launched earlier this week by web security expert Troy Hunt called Pwned Passwords, which allows users to verify if a password they are using has already been leaked to the Internet. The database has more than 500 million passwords compiled from previous breaches.
As of today, anyone with 1Password membership can use this service, which is integrated with the Hunt database. To do so, simply log in to your 1Password account, click Open Vault and then select an item to see its details. If you are on a Mac, press and hold the Shift-Control-Option-C key, or Shift + Ctrl + Alt + C if you are using Windows, to unlock the proof-of-concept function, then click on "verify" button "password" to see if your password matches any in the Hunt database.
AgileBits, the company behind 1Password, says that checking your password using this feature is safe. The company says it hash its password using the SHA-1 (Secure Hash Algorithm 1) and sends the first five characters of the 40-character hash to the Hunt service. The Hunt server then sends a hash list of filtered passwords that start with those same five characters, and 1Password compares the list locally for a full match.
AgileBits notes that even if your password reveals a match, it does not necessarily mean that your account has been violated, but someone else may have been using the same password. Anyway, AgileBits recommends that users change their password if this happens. The company says it will add this feature to its Watchtower tool within the 1Password applications in the future.
While keeping long and unique passwords on your various accounts can be time-consuming, it's certainly worth it, considering how susceptible companies are to data breaches. You run more risk if you use basic passwords or the same in different websites. To be sure, be sure to use a password manager.