Jump to content
OLLI_S

Check Entries agains known Breaches

Recommended Posts

Hello,

I have a suggestion for Enpass that increases the security of passwords and alerts the user when a website was hacked and a password change is recommended.

The password manager 1Password has a feature called watchtower.
They have a internal database of security breaches (the site was hacked and user data was stolen) and check if the password of the specified website was changed after the breach.
So they have two modification dates: one modification date of the password itself and one for the total entry.

Example:
The password entry for a page was last changed today, but the password itself was changed 2 years ago.
When there was a breach for this website 6 months ago, then 1Password would alert the user and recommend a password change.

For the password manager KeePass there was a new plugin released today, called HaveIBeenPwned.
This plugin downloads the public breach lists form "'have i been pwned?" and from "Cloudbleed Checker"
The website of the plugin is
https://github.com/andrew-schofield/keepass2-haveibeenpwned

Suggestion:
I suggest that you add also such a feature in Enpass.
In my opinion it is OK if you use the public lists (like the KeePass Plugin).
So Add in the "Password Audit" two new entries for these services and check all password entries.
It is up to you if you implement a separate modification date of the password.

Regards

OLLI

Edited by OLLI_S
  • Like 2

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×