X

Scan your inbox to find stray passwords (before hackers do)

Dashlane's new Inbox Scan tool sifts through your email in search of vulnerable information you may have forgotten to erase.

Rick Broida Senior Editor
Rick Broida is the author of numerous books and thousands of reviews, features and blog posts. He writes CNET's popular Cheapskate blog and co-hosts Protocol 1: A Travelers Podcast (about the TV show Travelers). He lives in Michigan, where he previously owned two escape rooms (chronicled in the ebook "I Was a Middle-Aged Zombie").
Rick Broida
2 min read

dashlane-inbox-scan-scanning.jpg
Dashlane Inbox Scan gets to work. Screenshot by Rick Broida/CNET

Your passwords are locked up safe and sound inside your password manager, right? OK, but what about your inbox? You probably never thought about the passwords that might be lingering in long-forgotten email.

For example, what if you forgot a password and requested a reminder? Did you delete the email that provided it? Likewise, a plain-text password might appear in an email confirmation when you sign up for a new site or service.

Should a hacker ever gain access to your mail account, he'd then have easy access to any such passwords.

Dashlane Inbox Scan scours your inbox in search of passwords you've forgotten to delete, along with other potentially risky personal information like addresses and phone numbers. It works with AOL, Gmail, Hotmail and Yahoo accounts, and it's free to use.

dashlane-inbox-scan-select-inbox.jpg
Screenshot by Rick Broida/CNET

To get started, just click "Scan my inbox," then choose a mail service. The irony, of course, is that you must allow Inbox Scan to access the very accounts it aims to protect. According to Dashlane, this is "temporary, read-only" access: "None of your data is stored and we cannot read any of your personal information. Only you can find your vulnerable data in your security report."

And who the heck is Dashlane? The company behind an eponymous password manager that's widely regarded as one of the best. (Aside: It's my personal favorite.) I suppose there's still a leap of faith in trusting any entity with access to your email, but we do it all the time with other services.

dashlane-inbox-scan-protected.jpg
Screenshot by Rick Broida/CNET

Anyway, once the scan is complete, you'll either get a clean bill of health (no passwords detected) or a report indicating what sensitive information was found. I ran it on about four accounts, and luckily for me, all of them came up clean. (That actually struck me as a bit odd, as I have zillions of accounts -- I can't believe there wasn't any evidence of any of them. Maybe I'm just good at deleting mail?)