Feature request: Locally check if passwords in my vault show up in the recent password hack files

There are plenty of password databases available on the internet. Most of them from hacks e.g. Linkedin, Tumblr, MySpace and VKontakte. It would be great if 1Password could gather all of them and provide the possibility to locally check if passwords in the vault match up with this database. The passwords with a match could then show up in the Watchtower. This would increase the security enormously.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Referrer: forum-search:Locally check if passwords in the vault show up in the recent password hack files

Comments

  • brentybrenty

    Team Member

    @iwaan: It's definitely a cool idea! One obstacle would be we'd likely have to download a rather large database to your device to check this. That's how Watchtower works too, since we don't want 1Password sending information like that out over the internet for privacy and security reasons — and doubly so for passwords themselves. Maybe we can come up with a cover way to do something like this though. :)

  • I guessed that the large database might be an issue :-) 200'000'000 passwords will quickly be around 1-2 GB. Maybe make it optional?

    An alternative would be that you securely salt the passwords in the vault, send it to your servers, use the same salt for all the passwords in your database and compare the hashes. But then you would know which passwords I use if they show up in the database. Not cool, but maybe acceptable...

  • MeganMegan 1Password Alumni

    Hi @iwaan,

    Thanks for the suggestion! We’re always looking for ways to make it more simple for users to be more secure, I’ll pass that idea along. :)

This discussion has been closed.