How to audit your compromised passwords with Enpass

data breach

Earlier this year, we learned about Collection #1, the largest data breach on the internet ever, where a database of hundreds of millions of sets of email addresses and passwords appeared on the dark web for sale.

Such instances expose confidential and private data of millions of users that can be used for identity theft and nefarious cybercrimes. In most cases, these incidents do not have an immediate impact but are a ticking time bomb.

While Enpass helps you in generating strong passwords, in case of a data breach, those secure and unique passwords could also be compromised. Here’s how Enpass can help you audit your passwords after a data breach and the steps you can take to fix things.

What is ‘Have I Been Pwned’?

Have I Been Pwned is an online service that allows users to check if their personal data has been compromised by data breaches. Created in 2013, the service collects and analyzes hundreds of database dumps and pastes containing information about billions of leaked accounts, and allows users to search for their own information by entering their username or email address.

The service is built by Troy Hunt, an Australian web security specialist recognized for public teaching and outreach on security matters.

How to audit passwords exposed in a data breach

Enpass allows you to check your passwords against a database of breached passwords – maintained by Have I Been Pwned. These passwords are, of course, at much higher risk and should not be used anymore.

Here’s how you can audit your passwords using the Enpass app on Windows and macOS:

  • Open the Enpass app, and in the left sidebar under the Password Audit section, click Pwned.
  • You will then get a message to validate the operation. Click Continue.

Once done, you will be able to see the result. All the items with pwned (compromised) passwords will be listed in the Pwned list under Password Audit section.

Also, when you learn about a new data breach at a particular app or service you use, you can individually check the password of that item.

What to do if you’re affected by a data breach?

If you’re affected by any data breach, you need to change your password immediately.

As we always insist, use the password generator in Enpass to create strong and robust passwords for your accounts. The password generator allows you to modify the complexity of passwords according to your preference – even allowing you to create pronounceable, yet complex, passwords.


Well, that’s that! If you have any query or suggestions, let us know on Twitter at @EnpassApp or on Facebook. Of course, you may also drop us a line at support@enpass.io for any help. Likewise, to start any discussion, head straight to the Enpass Forums.

You can get started with Enpass by downloading it on your Windows PC, Mac, or Linux desktop or on your iPhone or Android smartphone.