Support automatic checking for compromised passwords through the HaveIBeenPwned API

So there is a website called “have I been pwned” that catelogues all the important username password data leaks. You can enter in your email address and then they will tell if you’ve been “pwned”. They’ll tell you what platforms your information has been leaked from, what the rough date of the database information is, and when that leak was surfaced.

They also started a new (also free) service in which you can put in a password and see if it’s been compromised in an account. They don’t tell you the account name, what service it’s on, anything of that sort. They just let you know how many times that password has turned up in data leaks.

It’s super useful. Maybe you’re smart and you’ve got a very long hard to crack and unique password, but you use it across multiple services and then a data leak from some half remembered forum account gets leaked. How do you know if that old forum account still had the password that you use for everything else?

No way to know. So that’s what this service is for.

It’s accessible by API. So far 1Password has implemented it. I currently use LastPass. I would like to get off my close source password manager that I pay money for. BitWarden seems to be one of the best.

But I’m lazy. If this feature was implemented I would switch instantly, switch my extended family, and literally tell everyone I knew because password managers are one of the things that non-techies should be using more, and don’t.

The premium version already has this feature.


also the free version lets you check passwords individually one by one.

This just have been implemented. I think it’s time to close this thread.

Obs.: It is also a free feature to use.

This is awesome! Thanks so much. I’m going to try it out now!

Time to close this thread, @kspearrin.