Question on Watchtower functionality

Does it also scan the passwords against a compromised password list, or does it only check for domains that have been compromised?


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • [Deleted User]
    [Deleted User]
    Community Member

    Watchtower checks each of your passwords against Have I Been Pwned's database of breached passwords by sending the first 5 characters of a 40 character SHA-1 hash. Have I Been Pwned responds with a list of hashes of leaked passwords that start with the same 5 characters. 1Password then compares this list locally to see if it contains the full hash of your password. If there is a match then this password has been revealed in a breach and should be changed. Your full passwords never leave your local device and only the first 5 characters of a hash of your password are sent to Have I Been Pwned's servers.

    https://blog.1password.com/finding-pwned-passwords-with-1password/

  • xantari
    xantari
    Community Member

    Thanks so much for the info!!

  • Spot-on @missingbits!

    I'm glad that helped @xantari, let us know if there's anything else we can help answer. We're here for ya' 💙

This discussion has been closed.