Due to lack of security awareness, option for easy way and other reasons, quite a few people will repeatedly use the same set of account and password, which could be stolen by the hackers who use the method of “collision attack”. For instance, once your Twitter account and password are leaked and the hackers may try it to log on to other platforms such as Youtube, SnapChat, etc.
The collision attack is that the hacker collects the leaked information of the user account and password via the internet, generates the corresponding dictionary table, tries logging onto other websites in batches and gets a series of the user information which is available to log in.
In order to avoid hitting library attacks, it is a necessity to use different passwords when registering on different platforms. But what are we going to do with the passwords already leaked and disclosed on the Internet? The very simple way is to find out these leaked passwords and the corresponding websites or platforms firstly, and then change the passwords. All of this can be easily completed by applying to 1Password.
AgileBits – 1Password developer teamed up with Troy Hunt, which developed and designed Pwned Passwords to collect more than 3.2 billion publicly leaked passwords on the internet, in the database of which allowing users to check out whether their passwords are leaked or not.
The cooperation between 1Password and Pwned this time is going to integrate search leaks directly into 1Password, allowing the user to check out whether his password has been leaked or not without having to paste it in turn on Troy’s Web site. After retrieval, once the 1Password prompts that the password is not secured “Oops, this password was found”, you need to change the password.
Currently, this service is available only in the 1Password version and you can execute the following steps:
- Log in to your account at 1Password.com;
- Open the password safe vault and check the password details; the three buttons「Copy」「Reveal」and「Largr Type」will occur, when the cursor moves nearby the password;
- Press the shortcut key Shift + Control + Option + C concurrently and a fourth button is going to arise near the password「Check Password」and click on it to check if the password has been disclosed.
Although your password is found in the Troy database and it doesn’t mean that your account has been breached. In that someone else may use the same password as yours. However, the changing of your password to a unique one as soon as possible is strongly recommended.
The 1Password does not transmit your password to a third party in any way and verifies it with the password in the database of Pwned Passwords in a very secure way as well.
Firstly, 1Password operates an irreversible HASH conversion of the password to a completely string beyond recognition, then intercepts the first five characters and sends them to Pwned Passwords. The Pwned Passwords database will send the leaked password starting with these five characters and 1Password operates a local match check. If the result matches, the password may have been disclosed.
Currently, this function is only available in the web version of 1Password and 1Password officially declares that it will be integrated into 1Password applications and Watchtower in the days ahead.