Check Pwned passwords
Enpass lets you check your passwords against the list of breached passwords managed by Troy Hunt. It's a trustworthy procedure, ensuring that your passwords are safe in Enpass and never sent to the internet. Here's how you can check for leaked passwords within Enpass:
Checking Single Password:
Right-click on the password field in the item → Select Check if Pwned from the options menu.
On the next screen, you’ll see a message to validate the operation. Click Continue.
You will now see the results.
Checking passwords in Entire Database:
In the sidebar on the left, go to the PASSWORD AUDIT section and click on Pwned.
Follow the on-screen steps to check for pwned passwords in the haveibeenpwned.com database.
All checked items that have pwned passwords are listed in the Weak passwords list under Password Audit.
How does it work?
It works on the k-Anonymity model, in which only the first five characters of your password's SHA-1 hash (the 40-character hash created from your password) are sent to haveibeenpwned.com. In response, it sends the list of all the leaked password hashes starting with those same five characters. Enpass then locally compares your password's hash to the list, and if it finds a match, you get a warning that the password has been leaked on the internet and must never be used.