Security check

You can check the quality of your passwords by going to Tools → Security Check.

In the wizard, you can select which entries should be assessed. You have the following options:

  • All entries in the database
  • Entries in the active view
  • Selected entries in: Allows you to select a folder whose contents should be checked. If desired, you can include sub-folders as well.

Furthermore, you can select or deselect individual entries.

With the option Check in Pwned passwords, you can check whether your credentials are known to have been exposed in security breaches.

Our application integrates with the Pwned service to check the security of user passwords. We ensure privacy and security by never sending the actual password or its complete hash to any external server, including Pwned's.

Process Flow

  1. User Input: The user enters a password in the application.
  2. SHA-256 Hashing: The password is hashed using SHA-256 locally on the user's machine.
  3. Partial Hash: Only a portion (e.g., the first 5 characters) of this hash is sent to the Pwned service; the rest of the hash stays on the user's machine.
  4. Pwned Query: Pwned returns a list of hashes that have the same initial characters as our partial hash.
  5. Local Comparison: We compare the full local hash against the list of similar hashes received.
  6. Result: If there's a match, the user is alerted that their password has been compromised in the past and is advised to choose a new one.
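The flow above as a runnable example. This is added here and is not Password Depot's own code; it follows the page's description (SHA-256, 5-character prefix), replaces the remote service with a constructed in-process stand-in, and assumes a response format of one `SUFFIX:COUNT` line per matching hash.

```python
import hashlib
from typing import Callable, Dict, List, Tuple

PREFIX_LEN = 5  # hex characters transmitted, as in step 3 above

def hash_password(password: str) -> str:
    """Step 2: hash locally. The plaintext never goes further than this call."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest().upper()

def split_hash(full_hash: str) -> Tuple[str, str]:
    """Step 3: the prefix is what may leave the machine; the suffix stays local."""
    return full_hash[:PREFIX_LEN], full_hash[PREFIX_LEN:]

def parse_range_response(body: str) -> Dict[str, int]:
    """Step 4: parse assumed 'SUFFIX:COUNT' lines; malformed lines are skipped."""
    table: Dict[str, int] = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and suffix and count.isdigit():
            table[suffix.upper()] = int(count)
    return table

def check_password(password: str, fetch_range: Callable[[str], str]) -> int:
    """Steps 1-6: return how often the password appeared in breaches (0 = no match)."""
    prefix, suffix = split_hash(hash_password(password))
    body = fetch_range(prefix)  # only `prefix` is sent to the remote service
    return parse_range_response(body).get(suffix, 0)  # step 5: compare locally

def make_fake_service(breached: Dict[str, int]) -> Callable[[str], str]:
    """Constructed stand-in for the remote service (not the real API). It stores
    hashes of sample breached passwords and answers range queries by prefix."""
    store: Dict[str, List[str]] = {}
    for pw, count in breached.items():
        p, s = split_hash(hash_password(pw))
        store.setdefault(p, []).append(f"{s}:{count}")
    def fetch_range(prefix: str) -> str:
        # Guard: anything longer than the prefix would leak hash material.
        if len(prefix) != PREFIX_LEN:
            raise ValueError("only a %d-character prefix may be sent" % PREFIX_LEN)
        return "\r\n".join(store.get(prefix.upper(), []))
    return fetch_range

# Constructed sample data: passwords treated as "known breached" with counts.
SAMPLE_BREACHED = {"password123": 12345, "letmein": 678}
fetch = make_fake_service(SAMPLE_BREACHED)

if __name__ == "__main__":
    for pw in ("password123", "correct horse battery staple"):
        print(f"{pw!r}: seen {check_password(pw, fetch)} time(s) in breaches")
```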

Key Points

  • Privacy: At no point is the user's actual password or complete hash transmitted externally.
  • Efficiency: The partial hash is sufficient for Pwned to return a list of possibly compromised hashes, keeping data transmission minimal.
  • Local Processing: All comparisons are made locally, providing an extra layer of security.

Considerations

  • Performance: The operation is lightweight and should not introduce noticeable latency.
  • False Positives: Extremely unlikely, given the length and complexity of SHA-256 hashes.
  • Network Security: Although only partial hashes are sent, ensure your network connection to Pwned is secure (usually via HTTPS).

By implementing this approach, we maintain a robust level of security while also respecting user privacy.

Click Next to analyze the selected entries. The results will show you the following information:

  • !: This column displays the importance of an entry as determined by you in the properties of the entry. Therefore, it does not reflect an assessment of quality.
  • Description
  • Entropy: The term "entropy" in relation to passwords is a measure of the uncertainty or predictability of a password. The higher the entropy, the more difficult it is to guess the password because there are more possible combinations. Entropy is usually expressed in bits and is a logarithmic measure. Each additional bit of entropy doubles the number of possibilities to guess. For example, an entropy of 10 bits means that there are 1,024 (2^10) possible combinations.
  • Dictionary: Shows you how similar the password is to words or other character strings that can be found in dictionaries. The lower the percentage, the more secure the password.
  • Quality: Shows the quality of the password as a colorful bar. The fuller and bluer the bar, the more secure your password.
  • Strength: Tells you how secure your password is in words.

If you click on the title of a column, the entries will be sorted accordingly. The option Display only vulnerable entries allows you to only display entries that Password Depot deems unsafe.

To improve the quality of a password, select it and click Edit.