Your IT Consultant

Information Technology Blog
by John W. Simek, Vice President of Sensei Enterprises, Inc.

1Password Checks Already Pwned Passwords

February 28, 2018

The latest NIST (National Institute of Standards and Technology) guidelines state that the password used for authentication should be checked against a database of known compromised passwords. Troy Hunt has created such a database and it includes over half a billion entries from past data breaches. The concept is pretty simple. When you create a password for a system, check to see if it has already been used by someone else AND has been compromised. 1Password now has the ability to go up against the database Troy has made available via API (Application Programming Interface).

According to the post, you can try out the proof of concept by entering the "magic" keyboard sequence of Shift-Control-Option-C for Mac or Shift+Ctrl+Alt+C on Windows. You will then have the option to check your password against the service that Troy has made available. You will then be notified if the password was previously compromised.

If you are not a 1Password user, you can always go directly to the website and enter your intended new password to see if it has been previously been used by someone else. Either way, you should change your password to something else if there's a hit.

E-mail: Phone: 703.359.0700
Digital Forensics/Information Security/Information Technology
https://www.linkedin.com/in/johnsimek
https://amazon.com/author/johnsimek
https://www.senseient.com