Forum Discussion

Super Contributor

3 years ago

5 characters- collision

i know 1password used haveibeenpwned. according the website "When you search Pwned Passwords The Pwned Passwords feature searches previous data breaches for the presence of a user-provided pass...

windows

Former Member

3 years ago

pathfinder76 You didn't read the complete password checking description. The first 5 characters of the hash are sent to HIBP, then HIBP sends back every hash known from some breach that starts with these 5 characters. As far as I remember, it's about 5-30 hashes you're getting this way. This is then checked by some Javascript locally in your browser, and if one of these hashes match, it's reported. HIBP doesn't get notified which of the hashes actually matched or whether one matched at all.

Forum Discussion

5 characters- collision

Featured discussions

December 2025 at 1Password: More browser options, easier sign-in, and safer saving and filling

Recent discussions

1Password Access after Death, Legacy Contacts

Editing tags on multiple items

With non English language as system 1password keeps opening when opening other apps

Multiple Authentications when using 1P on an iPad

"Open and Fill" goes too quickly for me to make use of a passkey sign in