Check Pwned passwords

Enpass lets you check your passwords against the list of breached passwords managed by Troy Hunt. It’s a trustworthy procedure, ensuring that your passwords are safe in Enpass and never sent to the internet. Here’s how you can check for leaked passwords within Enpass:

Checking Single Password:

  1. Right-click on the password field in the item → Select Check if Pwned from the options menu.
  2. On the next screen, you’ll see a message to validate the operation. Click Continue.
  3. You will now see the results.

Checking passwords in Entire Database:

  1. Under the ≡ menu in the toolbar, select Tools → Check for Pwned Passwords.
  2. On the next screen, you’ll see a message to validate the operation. Click Continue.
  3. You will now see the results.

Note

All checked items that have pwned passwords are listed in the Weak passwords list under Password Audit.

How does it work?

It works on the k-Anonymity model, where the first five characters of your SHA-1 hashed password (the 40-character hash created from your password) are sent to haveibeenpwned.com. In response, it sends the list of hashes of all the leaked passwords whose hashes start with those same five characters. Enpass then locally compares your password’s hash to the list, and if it finds a match, you get a warning that the password has been leaked on the internet and must never be used.
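
The exchange described above, as an added Python sketch (not Enpass's own code). It assumes the service answers with one `SUFFIX:COUNT` line per hash, the format used by the Pwned Passwords range API; `fake_fetch_range` and its data are constructed stand-ins so the example runs offline and shows exactly what leaves the device.

```python
import hashlib

def sha1_hex(password: str) -> str:
    """Uppercase 40-character SHA-1 hex digest of the UTF-8 password."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def pwned_count(password: str, fetch_range) -> int:
    """Return how often the password appears in the breach list (0 = not found).

    fetch_range(prefix) is the only network-facing call. It receives just the
    first five hex characters and returns the response body as text.
    """
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in fetch_range(prefix).splitlines():
        candidate, sep, count = line.strip().partition(":")
        if not sep or len(candidate) != 35 or not count.isdigit():
            continue  # skip malformed lines instead of trusting them
        # The comparison is local; the 35-character suffix is never sent.
        if candidate.upper() == suffix:
            return int(count)  # a padding entry would carry a count of 0
    return 0

# --- Constructed stand-in for the remote service (not real breach data) ---
BREACHED = {"password": 1000, "letmein": 42}  # constructed counts
SEEN_PREFIXES = []                            # everything the "server" received

def fake_fetch_range(prefix: str) -> str:
    SEEN_PREFIXES.append(prefix)
    lines = [f"{sha1_hex(p)[5:]}:{n}" for p, n in BREACHED.items()
             if sha1_hex(p).startswith(prefix)]
    lines.append("0" * 35 + ":0")             # constructed padding entry
    lines.append("garbage-line")              # constructed malformed entry
    return "\r\n".join(lines)

if __name__ == "__main__":
    for pw in ("password", "correct horse battery staple"):
        print(repr(pw), "->", pwned_count(pw, fake_fetch_range))
    print("sent to server:", SEEN_PREFIXES)
```

The server-side log (`SEEN_PREFIXES`) only ever contains five-character prefixes, each shared by many unrelated hashes, which is what keeps the full hash and the password private.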