Your passwords are locked up safe and sound inside your password manager, right? OK, but what about your inbox? You probably never thought about the passwords that might be lingering in long-forgotten email.
For example, what if you forgot a password and requested a reminder? Did you delete the email that provided it? Likewise, a plain-text password might appear in an email confirmation when you sign up for a new site or service.
Should a hacker ever gain access to your mail account, he'd then have easy access to any such passwords.
Dashlane Inbox Scan scours your inbox in search of passwords you've forgotten to delete, along with other potentially risky personal information like addresses and phone numbers. It works with AOL, Gmail, Hotmail and Yahoo accounts, and it's free to use.
To get started, just click "Scan my inbox," then choose a mail service. The irony, of course, is that you must allow Inbox Scan to access the very accounts it aims to protect. According to Dashlane, this is "temporary, read-only" access: "None of your data is stored and we cannot read any of your personal information. Only you can find your vulnerable data in your security report."
And who the heck is Dashlane? The company behind an eponymous password manager that's widely regarded as one of the best. (Aside: It's my personal favorite.) I suppose there's still a leap of faith in trusting any entity with access to your email, but we do it all the time with other services.
Anyway, once the scan is complete, you'll either get a clean bill of health (no passwords detected) or a report indicating what sensitive information was found. I ran it on about four accounts, and luckily for me, all of them came up clean. (That actually struck me as a bit odd, as I have zillions of accounts -- I can't believe there wasn't any evidence of any of them. Maybe I'm just good at deleting mail?)