1passwordPassword management app 1Password this week got a new feature on the web, and developer AgileBits described it as a way for users to check and make sure that their passwords aren't "pwned passwords," or passwords that have been leaked online. While the launch is web-only right now, AgileBits said it will be coming to 1Password apps in the future.

1Password's new feature integrates with a newly updated service by Troy Hunt -- who previously created a breach notification service called Have I Been Pwned -- and securely and privately checks your passwords against more than 500 million passwords collected from various breaches.

This way, users can further ensure that their passwords saved within 1Password are as secure as possible, and if Hunt's new service surfaces a warning about compromised data, they can change to a new one without leaving 1Password.

1password pwned passwords
Pwned Passwords originally launched as a feature within Have I Been Pwned last August, but Hunt has now updated it to version two and greatly expanded the amount of passwords indexed, originally starting with 320 million. For 1Password's integration, which is still just a proof of concept as of now, AgileBits said the feature is available today to everyone with a 1Password membership, and shared the following steps:

- Sign in to your account on 1Password.com.

- Click Open Vault to view the items in a vault, then click an item to see its details.

- Enter the magic keyboard sequence Shift-Control-Option-C (or Shift+Ctrl+Alt+C on Windows) to unlock the proof of concept.

- Click the Check Password button that appears next to your password.

Once you click "Check Password," 1Password will communicate with Hunt's service of indexed passwords, letting you know if yours exists in his database. As AgileBits pointed out, "If your password is found, it doesn't necessarily mean that your account was breached. Someone else could have been using the same password." Still, the company encouraged immediate action for any user who sees a confirmation of a password matching to Hunt's service.


In the announcement, AgileBits ensured that this communication with Pwned Passwords keeps user passwords "private and secure" because they are "never sent to us or his service." Hunt's service never receives the full password, and only requires the first five characters of each password hash. The developer stated, "we would never add it to 1Password unless it was private and secure."

First, 1Password hashes your password using SHA-1. But sending that full SHA-1 hash to the server would provide too much information and could allow someone to reconstruct your original password. Instead, Troy’s new service only requires the first five characters of the 40-character hash.

To complete the process, the server sends back a list of leaked password hashes that start with those same five characters. 1Password then compares this list locally to see if it contains the full hash of your password. If there is a match then we know this password is known and should be changed.

Hunt goes into more detail about Pwned Passwords in his own announcement post about the update to the service. AgileBits confirmed that it will be adding Pwned Passwords to its own security breach warning feature, called Watchtower, within 1Password apps "in future releases."

Tags: 1Password, AgileBits

Top Rated Comments

Christoffee Avatar
Christoffee
101 months ago
Sometimes an idea is so obvious and fabulous I’m at a loss as to why it’s not been done before. I guess it’s only obvious once it’s obvious.
Score: 10 Votes (Like | Disagree)
wfrancis Avatar
wfrancis
101 months ago
It's a great program. I recommend it to everyone.
WAS a great program. It used to be standalone (the only reason I still use it) but they needlessly forced new users to switch to a subscription model so you have to keep buying it over and over again. No thanks.
Score: 9 Votes (Like | Disagree)
AGKyle Avatar
AGKyle
101 months ago
WAS a great program. It used to be standalone (the only reason I still use it) but they needlessly forced new users to switch to a subscription model so you have to keep buying it over and over again. No thanks.
We never removed the option to purchase a standalone license. As linked by others in this thread. It's also available via the Mac App Store app, feel free to check the available in-app purchases for proof of that.

Is it being kept up to date along with the subscription version?
Same question stands for the windows version
There is no difference between our standalone version of the app and the subscription version in terms of downloads. They're the same identical app. Bug fixes, improvements, and new features are added all the time. Some of those features may only be available for our subscription customers as they piggy back on features that are only possible due to our servers on the subscription side. But where possible we add features for both standalone customers and subscription customers.

SHA-1 is a worthless hash. There are rainbow tables for every possible entry. This service seems like it's a breach waiting to happen.
You missed the important bit. Your password is hashed.

Then we take the first 5 characters of the hash and send that over.

The Have I Been Pwned server takes these first 5 characters, compares to the database, finds all hashed passwords that match the first 5 characters and send those back to the client (1Password) which then checks the returned hashes to see if a match is made.

Your fully hashed password is never sent to the server, only the first 5 characters. Troy Hunt, the creator of Have I Been Pwned has stated that pretty much every 5 character prefix hash has ~500 results, and it's entirely possible that password isn't even in the results and is safe. So it really doesn't help much at all, combined with the fact no username or URL is sent.
Score: 8 Votes (Like | Disagree)
BigMcGuire Avatar
BigMcGuire
101 months ago
I had the grandfathered? app purchase from years and years ago and I never felt forced or even coerced by Agilebits to upgrade. I got the 1Password Family Teams plan recently - because I wanted to. Never once was I forced or more than a few times encouraged to get the Teams / subscription plan - this is something VERY FEW companies do. Most companies blast in your face: "UPGRADE NOW" every time you open the app. Because Agile bits didn't do this was a huge factor in my decision to upgrade. I will go out of my way to not upgrade when companies "force" or overly coerce.

So up until recently I was using the iCloud standalone app and want to voice my opinion that I was never forced or even slightly encouraged to upgrade via the application.
Score: 7 Votes (Like | Disagree)
Eidorian Avatar
Eidorian
101 months ago
It's a great program. I recommend it to everyone.
Score: 7 Votes (Like | Disagree)
justiny Avatar
justiny
101 months ago
WAS a great program. It used to be standalone (the only reason I still use it) but they needlessly forced new users to switch to a subscription model so you have to keep buying it over and over again. No thanks.
I disagree. When a developer continues to improve and enhance a high-quality application (specifically in the field of information security where threats evolve daily), I don’t mind them getting paid along the way.
Score: 6 Votes (Like | Disagree)
Read All Comments

Popular Stories

Apple Shopping Event 2025

Apple Announces 2025 Black Friday Event, Here's What You Can Get

Thursday November 20, 2025 6:28 am PST by
Apple's annual four-day Black Friday through Cyber Monday shopping event is returning on Friday, November 28 through Monday, December 1 in many countries, including the United States, Canada, Australia, New Zealand, France, Germany, Italy, Spain, the United Kingdom, Belgium, the Netherlands, Sweden, Thailand, and others. During the shopping event, customers can get an Apple gift card with...
Read Full Article41 comments
iOS 26

iOS 26.2 Adds These New Features to Your iPhone

Thursday November 20, 2025 10:50 am PST by
iOS 26.2 is currently in beta testing. The upcoming update includes a handful of new features and changes on the iPhone, including a new Liquid Glass slider for the Lock Screen's clock, offline lyrics for Apple Music, and more. In a recent press release, Apple confirmed that iOS 26.2 will be released to all users in December, but it did not provide a specific release date. Keep reading...
Read Full Article27 comments
iPhone 17 Pro Cosmic Orange

10 Reasons to Wait for Next Year's iPhone 18 Pro

Wednesday November 19, 2025 4:00 am PST by
Apple's iPhone development roadmap runs several years into the future and the company is continually working with suppliers on several successive iPhone models at the same time, which is why we often get rumored features months ahead of launch. The iPhone 18 series is no different, and we already have a good idea of what to expect for the iPhone 18 Pro and iPhone 18 Pro Max. One thing worth...
Read Full Article104 comments
hikawa phone grip stand apple%402x

Apple Launches Second Limited-Edition iPhone Accessory in a Month

Friday November 21, 2025 3:53 am PST by
Apple has begun selling the Hikawa Phone Grip and Stand, a new limited-edition iPhone accessory designed with accessibility in mind. Designed by LA-based Bailey Hikawa to celebrate the 40th anniversary of accessibility at Apple, the grip uses magnets to securely snap onto any iPhone with MagSafe. Apple says it can be removed with ease, and doubles as a stand with two different viewing...
Read Full Article126 comments
ipad mini 7 feature red and blue

iPad Mini 8: Four Major New Features to Expect

Wednesday November 19, 2025 7:50 am PST by
Apple's eighth-generation iPad mini is highly likely to arrive next year, offering a significant refresh of the device with at least four major new features. OLED Display The next-generation version of the iPad mini could feature an OLED display, as part of Apple's plan to expand the display technology across many more of its devices. Apple's first OLED device was the Apple Watch in 2015, ...
Read Full Article67 comments
ipad black friday 2025

The Best Early Black Friday iPad Deals

Thursday November 20, 2025 10:20 am PST by
Black Friday is just over a week away, and iPad deals have finally started to flood in at retailers like Amazon and Best Buy. Below we're tracking discounts on every current generation iPad, including lowest-ever prices on M3 iPad Air and M5 iPad Pro, plus steep markdowns on iPad and iPad mini. Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a ...
Read Full Article7 comments
watchos 26 workout app

Apple Watch Users Claim Workout App Is Now Worse in Every Way

Thursday November 20, 2025 7:01 am PST by
Apple Watch owners have been voicing their frustration online over changes to the Workout app that Apple introduced in watchOS 26, with many finding the redesigned interface makes starting exercises difficult and exasperating. When Apple launched watchOS 26 in September, the Workout app went from large, easily tapped workout tiles to a scrolling, corner-button interface. Instead of tapping a ...
Read Full Article229 comments
applecare apple care banner

Apple Brings New AppleCare+ Options to India

Tuesday November 18, 2025 8:42 am PST by
Apple today announced an expansion of AppleCare+ coverage in India, with new options for monthly and annual plans, and the addition of Theft and Loss for iPhone for the first time. Options for monthly and annual AppleCare+ plans in India provide more choice and flexibility, allowing users to keep coverage for as long as they require. Apple's vice president of Worldwide iPhone Product...
Read Full Article6 comments
apple wallet drivers license feature iPhone 15 pro

Two More U.S. States Commit to Offering iPhone Driver's Licenses in Apple Wallet App

Thursday November 20, 2025 8:21 am PST by
In select U.S. states, residents can add their driver's license or state ID to the Apple Wallet app on the iPhone and Apple Watch, and then use it to display proof of identity or age at select airports and businesses, and in select apps. Earlier this week, Illinois became the 13th state in the U.S. to offer the feature. Subsequently, we shared a list of additional states that are committed...
Read Full Article38 comments