Forum Discussion
thedean
2 years ago
Frequent Contributor
Question about Watchtower vulnerable password integration with haveibeenpwned.com.
I have been reading both the 1Password and the haveibeenpwned documentation on your integration. It is a very interesting feature.
Since the integration occurs at the client level, and because on...
thedean
2 years ago
Frequent Contributor
Grey:
Thank you for the quick response. Just to clarify, my concern about workload was not really about the hashing time. I assumed (perhaps incorrectly) that hashing only needs to occur at the time a new password is created, or an old one is updated, and that the hash could be stored directly in the 1Password record for future comparisons with haveibeenpwned. I don't really see a need to hash every time you communicate with haveibeenpwned. Or do I have that wrong?
My workload concern was really about the amount of I/O required to communicate with haveibeenpwned.com. As I mentioned in my original question, if I have several hundred passwords stored in 1Password and haveibeenpwned returns 500 rows of 35-byte suffixes for each and every password I have stored in 1Password, that is a lot of I/O to process on the client every day. CPU cycles are cheap; I/O is not.
This raises an additional question about the design. Does this communication with haveibeenpwned occur on all platforms? Or is it just performed on "power" platforms like Windows, Mac and Unix, and then synchronized with less powerful platforms (like phones) using the regular 1Password sync process? Just curious.
Thanks again.
Dean
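The range lookup discussed in this thread, as an added example that is not part of the original post and is not 1Password's or haveibeenpwned's code: it groups stored SHA-1 digests by their 5-character prefix, fetches one bucket per distinct prefix, compares the 35-character suffixes locally, and counts the bytes received. The `SUFFIX:COUNT` line format follows the public Pwned Passwords range API; `fake_range`, the breach corpus, the vault entries and the idea of keeping a digest per item are constructed assumptions for the illustration.

```python
import hashlib

def sha1_hex(password: str) -> str:
    """Uppercase SHA-1 hex digest, the form the range API compares against."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

# Constructed breach corpus (password -> times seen); stands in for the remote data set.
BREACHED = {"password": 3, "letmein": 7}

def fake_range(prefix: str) -> str:
    """Offline stand-in for a range request: returns 'SUFFIX:COUNT' lines."""
    rows = [f"{sha1_hex(pw)[5:]}:{n}" for pw, n in BREACHED.items()
            if sha1_hex(pw).startswith(prefix)]
    # Constructed filler rows: a real bucket holds many unrelated suffixes.
    rows += [sha1_hex("filler-" + prefix + str(i))[5:] + ":1" for i in range(3)]
    return "\r\n".join(rows)

def check_vault(digests: dict, fetch_range=fake_range):
    """digests: item name -> stored SHA-1 hex. Returns (hits, requests, bytes)."""
    by_prefix = {}
    for name, digest in digests.items():
        # Only the first 5 hex characters ever leave the client.
        by_prefix.setdefault(digest[:5], []).append((name, digest[5:]))
    hits, received = {}, 0
    for prefix, entries in by_prefix.items():
        body = fetch_range(prefix)           # one request per distinct prefix
        received += len(body)
        counts = {}
        for line in body.splitlines():
            suffix, _, count = line.partition(":")
            if count.strip().isdigit():      # skip blank or malformed rows
                counts[suffix.strip().upper()] = int(count)
        for name, suffix in entries:         # suffix comparison happens locally
            hits[name] = counts.get(suffix, 0)
    return hits, len(by_prefix), received

def demo():
    # Constructed vault: digests computed once, when each password was saved.
    vault = {"email": sha1_hex("password"), "forum": sha1_hex("password"),
             "wifi": sha1_hex("letmein"),
             "bank": sha1_hex("k7#Vq-unbreached-example")}
    return check_vault(vault)

if __name__ == "__main__":
    print(demo())
```

Items that reuse a password share a prefix and therefore a single request, so the request count tracks distinct prefixes rather than the number of stored items.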