1Password bolts on a ‘pwned password’ check
Password management service 1Password has a neat new feature that lets users check whether a password they’re thinking of using has already been breached. At which point it will suggest they pick another.
This is in addition to the more usual password strength indicator bar that tries to encourage web users to improve their security practices. The pwnage check builds on that by further reducing the risk of password reuse because it’s verifying if the specific password has appeared in a number of known data breaches.
To power the feature, 1Password is leaning on Pnwed Passwords, a service launched by Troy Hunt last summer, and updated this month with a chunk more password data. It now contains around half a billion downloadable passwords, harvested by Hunt from various online dumps resulting from all sorts of different data breaches. The passwords in the database have been hashed by Hunt with SHA-1.
Source | techcrunch