AgileBits adds secure way to check for leaked passwords in 1Password | iLounge News


AgileBits adds secure way to check for leaked passwords in 1Password

Only a day after well-known security researcher Troy Hunt launched his new new Pwned Passwords service, AgileBits has already built a proof of concept leveraging the service to help users determine if their passwords have been leaked onto the internet as part of a password breach. In a blog post, the company explains how they’ve integrated 1Password with Hunt’s new online database containing over 500 million passwords that have been collected from various breaches across the internet. While users can visit Pwned Passwords to check their passwords against the database manually, AgileBits has taken this a step further by adding a “Check Password” button in the web-based version of 1Password that can be unlocked with a specific keyboard sequence. This initial integration is strictly a proof of concept at this time, however AgileBits has stated that it plans to add this capability to the Watchtower password monitoring feature within the 1Password Mac and iOS apps to allow users to see if their passwords have been “pwned” right in the app.

The blog post goes on to explain how AgileBits has taken advantage of the work by Troy Hunt and Cloudflare to allow passwords to be checked without having to send actual passwords out to the Pwned Passwords service, or even expose them to AgileBits own servers. The rather clever solution involves sending the first five characters of the forty-character password hash to the service; this is not nearly enough data for the original password to be reconstructed, or even checked against the database directly, but it does allow the server to send back a manageable list of leaked passwords that match the five-character hash prefix, which can then be compared to the user’s original password locally, such that the actual password never leaves the user’s computer.


Related Stories

Subscribe to iLounge Weekly

Sign up for the iLounge Weekly Newsletter

iLounge is an independent resource for all things iPod, iPhone, iPad, and beyond.
iPod, iPhone, iPad, iTunes, Apple TV, Mac, and the Apple logo are trademarks of Apple Inc.
iLounge is © 2001 - 2018 iLounge, Inc. All Rights Reserved. Terms of Use | Privacy Policy