Has your password been stolen? Find out with this tool

The Pwned Passwords tool makes it easier to know if your old passwords have been compromised.

Marguerite Reardon Former senior reporter

Marguerite Reardon started as a CNET News reporter in 2004, covering cellphone services, broadband, citywide Wi-Fi, the Net neutrality debate and the consolidation of the phone companies.

See full bio

Marguerite Reardon

Feb. 26, 2018 8:16 a.m. PT

2 min read

screen-shot-2018-02-26-at-11-04-01-am — AgileBits says it has integrated the tool into its 1Password password manager.
James Martin/CNET

A new service makes it easier to know if old passwords you've used have been made public in a data breach.

The Pwned Passwords tool, integrated into the popular password manager 1Password, lets customers type in an old password and find out if it's been leaked in a data breach.

Security researcher Troy Hunt announced the tool, which lists more than 500 million leaked passwords, last week. Users can access it online. Developers can also use an API to incorporate the function in their own tools.

AgileBits is the first company to announce it's integrated the tool into its password manager, 1Password. In a blog post Thursday, the company explained how the service works. It doesn't transmit the entire password to the service to be looked up. Instead it produces a cryptographic hash function known as SHA-1, which uses the first five characters of the password to look for a match. This is more secure than sending the entire password, the company said. For a more detailed look at how it works, AgileBits recommends reading Hunt's detailed description in his blog post.

AgileBits also said a positive hit in the database doesn't necessarily mean your account has been compromised.

"Someone else could have been using the same password," the company said. "Either way, we recommend you change your password."

The tool comes as companies like Yahoo and Equifax, a credit monitoring agency, within the past year have reported massive security breaches that affected billions of people. In October, Yahoo announced the largest hack ever, saying all 3 billion of its customers' accounts had been breached in 2013. Equifax said in September that hackers stole information -- including Social Security numbers, credit card numbers, names and addresses -- on up to 143 million Americans.

Keep in mind that the Pwned Passwords tool should only be used to search for old passwords. You shouldn't be checking whether a current password has been hacked, since it's never a good idea to share an existing password with a third party.

The Smartest Stuff: Innovators are thinking up new ways to make you, and the things around you, smarter.

CNET Magazine: Check out a sample of the stories in CNET's newsstand edition.