Check if pwned

Enpass lets you check your passwords against the list of breached passwords managed by Troy Hunt. It’s a trustworthy procedure, ensuring that your passwords are safe in Enpass and never sent to the internet. Here’s how you can check your leaked password within Enpass-

  1. From the detail screen of your item, right click on the password field and click on the ‘Check if pwned’ in the context menu.
  2. You’ll see a dialog with a message to validate the operation. Click OK to continue.
  3. You will now see the results.

How does it work?

It works on the k-Anonymity model where the first five characters of your SHA1 hashed password (the 40-character hash created from your password) are sent to haveibeenpwned.com. In response, it sends the list of all the leaked passwords starting with those same five characters. Enpass then locally compares the passwords’ hash to the list, and if it finds any matching password, you get a warning that the password has been leaked on the internet and must never be used.