Check Pwned passwords
Enpass lets you check your passwords against the list of breached passwords managed by Troy Hunt. It’s a trustworthy procedure, ensuring that your passwords are safe in Enpass and never sent to the internet. Here’s how you can check whether a password has been leaked from within Enpass:
- From the detail screen of your item, tap on the password field → More → Check if Pwned.
- On the next screen, you’ll see a message to validate the operation. Tap
- You will now see the results.
You can also check all the items found with pwned passwords in the Weak passwords list under Password Audit.
How does it work?
It works on the k-Anonymity model: the first five characters of your SHA-1 hashed password (the 40-character hash created from your password) are sent to haveibeenpwned.com. In response, it sends the list of all the leaked password hashes starting with those same five characters. Enpass then locally compares your password’s hash to the list, and if it finds a match, you get a warning that the password has been leaked on the internet and must never be used.
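The exchange described above, as an added Python example (not Enpass code). It assumes the range response is one `SUFFIX:COUNT` pair per line; `fake_range_lookup` and its small breach list are constructed stand-ins for the remote service so the example runs offline.

```python
import hashlib

# Constructed stand-in for the breach corpus (password -> times seen).
# The real service stores hashes only; plaintext is used here for readability.
CONSTRUCTED_BREACHED = {"password": 3, "letmein": 2}


def split_hash(password):
    """Return (5-char prefix, 35-char suffix) of the uppercase SHA-1 hex digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def fake_range_lookup(prefix):
    """Hypothetical offline server: it sees only the prefix and answers
    with the suffixes of every known hash that starts with it."""
    lines = []
    for known, count in CONSTRUCTED_BREACHED.items():
        known_prefix, known_suffix = split_hash(known)
        if known_prefix == prefix:
            lines.append(f"{known_suffix}:{count}")
    # Constructed filler entry with count 0; it must never count as a match.
    lines.append("0" * 35 + ":0")
    return "\r\n".join(lines)


def pwned_count(password, lookup=fake_range_lookup):
    """Return how many times the password appears in the list (0 = not found)."""
    prefix, suffix = split_hash(password)
    body = lookup(prefix)  # only these five characters leave the device
    for line in body.splitlines():
        candidate, _, count = line.strip().partition(":")
        # The comparison against the full hash happens locally.
        if candidate.upper() == suffix and count.isdigit():
            return int(count)
    return 0


if __name__ == "__main__":
    for sample in ("password", "correct horse battery staple 9471"):
        print(sample, "->", pwned_count(sample))
```

Passing a different `lookup` callable lets you confirm exactly what would be transmitted: it receives the five-character prefix and nothing else.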