Check Pwned passwords

Enpass lets you check your passwords against the list of breached passwords managed by Troy Hunt. It’s a trustworthy procedure, ensuring that your passwords are safe in Enpass and never sent to the internet. Here’s how you can check your leaked password within Enpass-

  1. From the detail screen of your item, tap on the password field → Choose option menu (3 dots) → click on the Check if Pwned in the context menu.
  2. On the next screen, you’ll see a message to validate the operation. Click Continue.
  3. You will now see the results.

Note

You can also check all the items found with pwned passwords in the Weak passwords list under Password Audit.

How does it work?

It works on the k-Anonymity model where the first five characters of your SHA1 hashed password (the 40-character hash created from your password) is sent to haveibeenpwned.com. In response, it sends the list of all the leaked passwords starting with those same five characters. Enpass then locally compares the passwords’ hash to the list, and if it finds any matching password, you get a warning that the password has been leaked on the internet and must never be used.

Tip

Desktop version of Enpass, lets run the check for all of passwords at once.