Question on Watchtower functionality
Does it also scan the passwords against a compromised password list, or does it only check for domains that have been compromised?
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Comments
-
Watchtower checks each of your passwords against Have I Been Pwned's database of breached passwords by sending the first 5 characters of a 40 character SHA-1 hash. Have I Been Pwned responds with a list of hashes of leaked passwords that start with the same 5 characters. 1Password then compares this list locally to see if it contains the full hash of your password. If there is a match then this password has been revealed in a breach and should be changed. Your full passwords never leave your local device and only the first 5 characters of a hash of your password are sent to Have I Been Pwned's servers.
https://blog.1password.com/finding-pwned-passwords-with-1password/
0 -
Thanks so much for the info!!
0 -
Spot-on @missingbits!
I'm glad that helped @xantari, let us know if there's anything else we can help answer. We're here for ya' 💙
0