In this article: What is it and how to check your passwords in SafeInCloud
1. What is a compromised password
Compromised passwords are passwords previously exposed in data breaches. This exposure makes them unsuitable for ongoing use as they're at much greater risk of being used to take over other accounts.
SafeInCloud uses the well-known and trusted website haveibeenpwned.com to check if any of your passwords have been compromised. This site has a database of over half a billion passwords that have been leaked. SafeInCloud does not send any of your passwords or their hashes to this site. Instead, a k-anonymity approach is used to ensure that your passwords are secure during verification. See links below for more details:
- https://haveibeenpwned.com/Passwords
- https://www.troyhunt.com/ive-just-launched-pwned-passwords-version-2/
- https://en.wikipedia.org/wiki/K-anonymity
2. How to check passwords
In the main app view (Card list) swipe from the left edge to the right to open the Side menu. Or you can press the Hamburger icon (3 horizontal stripes) in the top-left corner. Select Compromised Passwords from the list under Security section.
!NB The side menu labels contains cards for the currently selected database.
Compromised Passwords page contains a list of cards with found compromised passwords and info when the last check was completed.
Press Check to start a new search for compromised passwords in your database. Information about compromised passwords will be shown. Select Check Passwords.
On the check completion the result on how many compromised passwords were found will be shown.
!NB The result is reflecting how many unique passwords were found. However, the resulting list of cards can contain more cards, if some cards have the same passwords.