If you have been following the news lately, you might be aware that someone dumped a huge list of email addresses and passwords on a torrent website. It is the biggest data dump of this kind and goes by the name Collection #1. There is a website called Have I Been Pwned where you can check whether your email address and password have been compromised. But if you are having second thoughts about entering your email address and password on a website, this article can help you check whether you have been pwned in a safer way.
In this article, I will show you how to check all your passwords against the Have I Been Pwned database locally. With this method, you don’t have to enter your password on the web; instead, you can check it in the safe environment of your own system by downloading the Have I Been Pwned password database. You can also disable the internet connection to be doubly sure about privacy.
Check All Your Passwords against Have I Been Pwned Locally
To check your passwords against Have I Been Pwned locally, you are going to need a password manager called KeePass. It’s open source software with its source code published on GitHub. Then, you have to download the password database from the Have I Been Pwned website. Make sure you download the latest SHA-1 (ordered by Hash) file. The password database you get from the website is a ~9 GB compressed file, which you have to extract to get the actual text file (~26 GB).
Once you have that, download the latest version of the KeePass plugin HIBP Offline Check. This is an open source plugin for KeePass specially designed to check passwords against database files. Download both the “HIBPOfflineCheck.plgx” and “HIBPOfflineCheck.plgx.asc” files and place them inside the Plugins folder under the KeePass installation directory (usually C:\Program Files (x86)\KeePass Password Safe 2).
After that, run the KeePass password manager and create a database of your passwords. The process is simple and straightforward; you can read more on it here. If you use LastPass, you can follow this article to import your data to KeePass.
When you have all the passwords that you want to check saved in the KeePass password manager, go to the Tools section in the menu bar and click the HIBP Offline Check plugin.
This opens the plugin window on your screen. In this window, browse and select the extracted password database file and click OK.
Now that the database is connected to the plugin, all you need to do is add a column in KeePass that shows the check status. To do that, go to View -> Configure Columns. This opens the KeePass column configuration window on your screen. At the bottom of this window, you’ll find the Have I been pwned option under the Provided by Plugins section. Check that option and click OK to add the column.
After all that, you can check your passwords against the password database. Simply double-click the password that you want to check, and it will show whether that email address (/username) and password combination has been pwned.
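As an added example (not code from this article or from the HIBP Offline Check plugin), the script below shows how a password can be looked up in the “ordered by hash” file without the password ever leaving your machine. It assumes each line has the form SHA1HEX:COUNT with uppercase hex, sorted ascending by hash; the function names and the small sample file are constructed for illustration.

```python
import hashlib
import os
import tempfile

def sha1_hex(password: str) -> bytes:
    """Uppercase hex SHA-1, the form stored in the downloaded file."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper().encode()

def pwned_count(password: str, db_path: str) -> int:
    """Return the count stored for `password`, or 0 if it is not listed.

    Assumes one `SHA1HEX:COUNT` line per password, sorted ascending by hash,
    so a binary search over byte offsets never loads the ~26 GB file.
    """
    target = sha1_hex(password)
    with open(db_path, "rb") as db:
        lo, hi = 0, os.path.getsize(db_path)  # a match starts in [lo, hi)
        while lo < hi:
            mid = (lo + hi) // 2
            db.seek(max(mid - 1, 0))
            if mid:
                db.readline()  # advance to the first line start >= mid
            pos = db.tell()
            line = db.readline()
            digest = line[:40]
            if not line or digest > target:
                hi = mid  # a match can only start before mid
            elif digest < target:
                lo = pos + len(line)  # a match can only start after this line
            else:
                return int(line.split(b":")[1].strip())
    return 0

def write_sample_db(path: str) -> None:
    """Write a tiny constructed stand-in for the real download."""
    leaked = {"123456": 300, "password": 200, "qwerty": 100}  # constructed counts
    lines = sorted(sha1_hex(p) + b":" + str(n).encode() for p, n in leaked.items())
    with open(path, "wb") as f:
        f.write(b"\r\n".join(lines) + b"\r\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        sample = os.path.join(tmp, "sample-pwned-sha1.txt")
        write_sample_db(sample)
        for candidate in ("password", "correct horse battery staple"):
            print(candidate, "->", pwned_count(candidate, sample))
```

To run it against the real download, pass the path of the extracted text file to pwned_count instead of the sample file.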
By following this tutorial, you can check all your passwords against the Have I Been Pwned password database locally. Checking your passwords against the pwned password database this way gives you peace of mind that no one is trying to get your information while you are checking.