Finally found a use for the CLI!

trevorwalton
trevorwalton
Community Member

When this was released a while back, I was all excited about being able to use 1Password on the command-line.

My excitement soon faded, as I didn't really have a valid use-case.

Cut to yesterday and all the excitement over the latest haveibeenpwned.com password hash list update, along with a way to (relatively) securely query it without sending your full password hashes.

I borrowed the meat of the script from Cloudflare's blog post, and mashed it together with some logic to query/parse the output from the 1Password CLI, and now have a way to check all my passwords against the list. 1passwordpwnedcheck.sh

Then I found out that 1Password had already incorporated this feature into their web interface. Doh!

At least with the CLI version you can test all your passwords in one go, which would be kind of tedious via the web interface, so it wasn't a complete waste of time.

Granted, 1Password users might not be the best targets for such a tool, as we're hopefully using strong, randomly generated passwords, but for those people in your life who you may have gifted a membership to, and they just migrated over all their old, poor passwords, this tool could be an eye-opener.

Hope someone finds it useful.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • AGAlumB
    AGAlumB
    1Password Alumni

    @trevorwalton: That is so, so awesome! When I say we had no idea that the CLI app would be used this way, I mean it literally: we didn't have a clue that Troy was doing that until he did. That was such a great surprise on its own, but that you've also already put the CLI app to work using Pwned Password v2 is icing on the cake.

    I think you're right philosophically that 1Password users are less likely to have pwned passwords...but it isn't only weak/reused passwords that get pwned; strong passwords 1Password creates can sadly get pwned too when websites are breached or just have bad security in the first place, and finding out if one of ours are pwned will allow us to change them.

    Thank you for telling us about this! It's just more inspiration for us to integrate this directly into all the apps so that even more people can use Troy's great service. Cheers! :)

  • cohix
    cohix
    1Password Alumni

    Yup, Brenty said it, this is damn awesome. Thanks for sharing @trevorwalton !

  • arunsathiya
    arunsathiya
    Community Member

    This is an excellent work, I ran it once last week and encouraged all my friends to use it as well, and they love it. :)

  • cohix
    cohix
    1Password Alumni

    Glad to hear it @arunsathiya :)

This discussion has been closed.