CINXE.COM

Have I Been Pwned: Why 1Password?

<!DOCTYPE html> <html> <head> <meta charset="utf-8" /> <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0"> <title>Have I Been Pwned: Why 1Password?</title> <meta property="og:title" content="Have I Been Pwned: Why 1Password?" /> <meta name="description" content="Have I Been Pwned allows you to search across multiple data breaches to see if your email address or phone number has been compromised."> <meta property="og:description" content="Have I Been Pwned allows you to search across multiple data breaches to see if your email address or phone number has been compromised." /> <meta property="og:url" content="https://haveibeenpwned.com/1Password" /> <meta property="og:image" content="https://haveibeenpwned.com/Content/Images/SocialLogo.png" /> <meta property="fb:app_id" content="553845121487108" /> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.4.1/css/bootstrap.min.css" integrity="sha512-Dop/vW3iOtayerlYAqCgkVr2aTr2ErwwTYOvRFUpzl2VhCMJyjQF0Q9TjUXIo6JhuM/3i0vVEt2e/7QQmnHQqw==" crossorigin="anonymous" referrerpolicy="no-referrer" /> <link rel="alternate" type="application/rss+xml" title="Have I Been Pwned latest breaches" href="https://feeds.feedburner.com/HaveIBeenPwnedLatestBreaches" /> <link href="/content/css/pwned?v=QqHv4S4ISjFIUVd6yx3EVXLe_Iyc0FGEtMhu7ZZyL681" rel="stylesheet"/> <link href="//cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css" rel="stylesheet" integrity="sha384-wvfXpqpZZVQGK6TAh5PVlGOfQNHSoD2xbE+QkPxCAFlNEevoEH3Sl0sibVcOQVnN" crossorigin="anonymous" /> <link rel="shortcut icon" href="/favicon.ico"> <script type="text/javascript" nonce="xsqivFnsbfXg/G3RC7QEt4ZF"> !(function (cfg){function e(){cfg.onInit&&cfg.onInit(n)}var x,w,D,t,E,n,C=window,O=document,b=C.location,q="script",I="ingestionendpoint",L="disableExceptionTracking",j="ai.device.";"instrumentationKey"[x="toLowerCase"](),w="crossOrigin",D="POST",t="appInsightsSDK",E=cfg.name||"appInsights",(cfg.name||C[t])&&(C[t]=E),n=C[E]||function(g){var f=!1,m=!1,h={initialize:!0,queue:[],sv:"8",version:2,config:g};function v(e,t){var n={},i="Browser";function a(e){e=""+e;return 1===e.length?"0"+e:e}return n[j+"id"]=i[x](),n[j+"type"]=i,n["ai.operation.name"]=b&&b.pathname||"_unknown_",n["ai.internal.sdkVersion"]="javascript:snippet_"+(h.sv||h.version),{time:(i=new Date).getUTCFullYear()+"-"+a(1+i.getUTCMonth())+"-"+a(i.getUTCDate())+"T"+a(i.getUTCHours())+":"+a(i.getUTCMinutes())+":"+a(i.getUTCSeconds())+"."+(i.getUTCMilliseconds()/1e3).toFixed(3).slice(2,5)+"Z",iKey:e,name:"Microsoft.ApplicationInsights."+e.replace(/-/g,"")+"."+t,sampleRate:100,tags:n,data:{baseData:{ver:2}},ver:undefined,seq:"1",aiDataContract:undefined}}var n,i,t,a,y=-1,T=0,S=["js.monitor.azure.com","js.cdn.applicationinsights.io","js.cdn.monitor.azure.com","js0.cdn.applicationinsights.io","js0.cdn.monitor.azure.com","js2.cdn.applicationinsights.io","js2.cdn.monitor.azure.com","az416426.vo.msecnd.net"],o=g.url||cfg.src,r=function(){return s(o,null)};function s(d,t){if((n=navigator)&&(~(n=(n.userAgent||"").toLowerCase()).indexOf("msie")||~n.indexOf("trident/"))&&~d.indexOf("ai.3")&&(d=d.replace(/(\/)(ai\.3\.)([^\d]*)$/,function(e,t,n){return t+"ai.2"+n})),!1!==cfg.cr)for(var e=0;e<S.length;e++)if(0<d.indexOf(S[e])){y=e;break}var n,i=function(e){var a,t,n,i,o,r,s,c,u,l;h.queue=[],m||(0<=y&&T+1<S.length?(a=(y+T+1)%S.length,p(d.replace(/^(.*\/\/)([\w\.]*)(\/.*)$/,function(e,t,n,i){return t+S[a]+i})),T+=1):(f=m=!0,s=d,!0!==cfg.dle&&(c=(t=function(){var e,t={},n=g.connectionString;if(n)for(var i=n.split(";"),a=0;a<i.length;a++){var o=i[a].split("=");2===o.length&&(t[o[0][x]()]=o[1])}return t[I]||(e=(n=t.endpointsuffix)?t.location:null,t[I]="https://"+(e?e+".":"")+"dc."+(n||"services.visualstudio.com")),t}()).instrumentationkey||g.instrumentationKey||"",t=(t=(t=t[I])&&"/"===t.slice(-1)?t.slice(0,-1):t)?t+"/v2/track":g.endpointUrl,t=g.userOverrideEndpointUrl||t,(n=[]).push((i="SDK LOAD Failure: Failed to load Application Insights SDK script (See stack for details)",o=s,u=t,(l=(r=v(c,"Exception")).data).baseType="ExceptionData",l.baseData.exceptions=[{typeName:"SDKLoadFailed",message:i.replace(/\./g,"-"),hasFullStack:!1,stack:i+"\nSnippet failed to load ["+o+"] -- Telemetry is disabled\nHelp Link: https://go.microsoft.com/fwlink/?linkid=2128109\nHost: "+(b&&b.pathname||"_unknown_")+"\nEndpoint: "+u,parsedStack:[]}],r)),n.push((l=s,i=t,(u=(o=v(c,"Message")).data).baseType="MessageData",(r=u.baseData).message='AI (Internal): 99 message:"'+("SDK LOAD Failure: Failed to load Application Insights SDK script (See stack for details) ("+l+")").replace(/\"/g,"")+'"',r.properties={endpoint:i},o)),s=n,c=t,JSON&&((u=C.fetch)&&!cfg.useXhr?u(c,{method:D,body:JSON.stringify(s),mode:"cors"}):XMLHttpRequest&&((l=new XMLHttpRequest).open(D,c),l.setRequestHeader("Content-type","application/json"),l.send(JSON.stringify(s)))))))},a=function(e,t){m||setTimeout(function(){!t&&h.core||i()},500),f=!1},p=function(e){var n=O.createElement(q),e=(n.src=e,t&&(n.integrity=t),n.setAttribute("data-ai-name",E),cfg[w]);return!e&&""!==e||"undefined"==n[w]||(n[w]=e),n.onload=a,n.onerror=i,n.onreadystatechange=function(e,t){"loaded"!==n.readyState&&"complete"!==n.readyState||a(0,t)},cfg.ld&&cfg.ld<0?O.getElementsByTagName("head")[0].appendChild(n):setTimeout(function(){O.getElementsByTagName(q)[0].parentNode.appendChild(n)},cfg.ld||0),n};p(d)}cfg.sri&&(n=o.match(/^((http[s]?:\/\/.*\/)\w+(\.\d+){1,5})\.(([\w]+\.){0,2}js)$/))&&6===n.length?(d="".concat(n[1],".integrity.json"),i="@".concat(n[4]),l=window.fetch,t=function(e){if(!e.ext||!e.ext[i]||!e.ext[i].file)throw Error("Error Loading JSON response");var t=e.ext[i].integrity||null;s(o=n[2]+e.ext[i].file,t)},l&&!cfg.useXhr?l(d,{method:"GET",mode:"cors"}).then(function(e){return e.json()["catch"](function(){return{}})}).then(t)["catch"](r):XMLHttpRequest&&((a=new XMLHttpRequest).open("GET",d),a.onreadystatechange=function(){if(a.readyState===XMLHttpRequest.DONE)if(200===a.status)try{t(JSON.parse(a.responseText))}catch(e){r()}else r()},a.send())):o&&r();try{h.cookie=O.cookie}catch(k){}function e(e){for(;e.length;)!function(t){h[t]=function(){var e=arguments;f||h.queue.push(function(){h[t].apply(h,e)})}}(e.pop())}var c,u,l="track",d="TrackPage",p="TrackEvent",l=(e([l+"Event",l+"PageView",l+"Exception",l+"Trace",l+"DependencyData",l+"Metric",l+"PageViewPerformance","start"+d,"stop"+d,"start"+p,"stop"+p,"addTelemetryInitializer","setAuthenticatedUserContext","clearAuthenticatedUserContext","flush"]),h.SeverityLevel={Verbose:0,Information:1,Warning:2,Error:3,Critical:4},(g.extensionConfig||{}).ApplicationInsightsAnalytics||{});return!0!==g[L]&&!0!==l[L]&&(e(["_"+(c="onerror")]),u=C[c],C[c]=function(e,t,n,i,a){var o=u&&u(e,t,n,i,a);return!0!==o&&h["_"+c]({message:e,url:t,lineNumber:n,columnNumber:i,error:a,evt:C.event}),o},g.autoExceptionInstrumented=!0),h}(cfg.cfg),(C[E]=n).queue&&0===n.queue.length?(n.queue.push(e),n.trackPageView({})):e();})({ src: "https://js.monitor.azure.com/scripts/b/ai.3.gbl.min.js", // name: "appInsights", // Global SDK Instance name defaults to "appInsights" when not supplied // ld: 0, // Defines the load delay (in ms) before attempting to load the sdk. -1 = block page load and add to head. (default) = 0ms load after timeout, // useXhr: 1, // Use XHR instead of fetch to report failures (if available), // dle: true, // Prevent the SDK from reporting load failure log crossOrigin: "anonymous", // When supplied this will add the provided value as the cross origin attribute on the script tag // onInit: null, // Once the application insights instance has loaded and initialized this callback function will be called with 1 argument -- the sdk instance (DON'T ADD anything to the sdk.queue -- As they won't get called) // sri: false, // Custom optional value to specify whether fetching the snippet from integrity file and do integrity check cfg: { // Application Insights Configuration connectionString: "InstrumentationKey=9744aaee-21f7-42b6-95b2-8ebc0f2bcfeb;IngestionEndpoint=https://westus-0.in.applicationinsights.azure.com/;LiveEndpoint=https://westus.livediagnostics.monitor.azure.com/", disableExceptionTracking: true, // Disable the default exception tracking } }); window.appInsights.trackPageView(); </script> </head> <body > <div class="bodyGradient"> <header class="navbar navbar-inverse navbar-static-top"> <div class="container"> <div class="navbar-header"> <button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse"> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <a href="/" class="navbar-brand">';--</a> </div> <div class="navbar-collapse collapse"> <ul class="nav navbar-nav navbar-right"> <li ><a href="/">Home</a></li> <li ><a href="/NotifyMe" class="notifyOfPwning" data-toggle="modal" data-target="#notifyMeModal" data-remote="false">Notify me</a></li> <li ><a href="/DomainSearch">Domain search</a></li> <li ><a href="/PwnedWebsites">Who's been pwned</a></li> <li ><a href="/Passwords">Passwords</a></li> <li class="dropdown "> <a href="#" class="dropdown-toggle" data-toggle="dropdown">API</a> <ul class="dropdown-menu"> <li ><a href="/API/v3">Overview</a></li> <li ><a href="/API/Key">API key</a></li> </ul> </li> <li class="dropdown "> <a href="#" class="dropdown-toggle" data-toggle="dropdown">About</a> <ul class="dropdown-menu"> <li ><a href="/About">Who, what &amp; why</a></li> <li ><a href="/Privacy">Privacy</a></li> <li ><a href="/FAQs">FAQs</a></li> <li ><a href="/Pastes">Pastes</a></li> <li ><a href="/OptOut">Opt-out</a></li> <li><a href="https://twitter.com/haveibeenpwned" rel="noopener">Twitter</a></li> <li><a href="https://www.facebook.com/haveibeenpwned/">Facebook</a></li> <li><a rel="me" href="https://infosec.exchange/@haveibeenpwned">Mastodon</a></li> <li><a href="https://haveibeenpwned.uservoice.com/" rel="noopener">Suggest a feature</a></li> <li><a href="http://feeds.feedburner.com/HaveIBeenPwnedLatestBreaches" rel="noopener"><i class="fa fa-rss"></i> Breaches</a></li> </ul> </li> <li ><a href="/Donate">Donate <i class="fa fa-bitcoin"></i> <i class="fa fa-paypal payPalLogo"></i></a></li> </ul> </div> </div> </header> <div class="secondaryHeader"> <div class="container"> <h1>Why 1Password?</h1> <h2> My history with 1Password </h2> </div> </div> </div> <div class="container"> <img src="/Content/Images/PasswordManager/My1Password.png" alt="My 1Password" class="profilePicture" /> <h3>The only secure password is the one you can't remember</h3> <p> I had my epiphany about the importance of creating secure passwords (and the necessity for a password manager) back in 2011 where I concluded that <a href="https://www.troyhunt.com/only-secure-password-is-one-you-cant/">the only secure password is the one you can鈥檛 remember</a>. Back then, I chose 1Password because it was the best fit for my needs; it was user friendly, it had clients for all the devices I used and it made syncing my passwords across them simple. 7 years and hundreds of passwords later, <a href="https://www.troyhunt.com/have-i-been-pwned-is-now-partnering-with-1password/">I partnered with them</a> to help people who find themselves in a breach after searching HIBP get themselves into a great password manager. </p> <p> Today, I use 1Password in all the same ways as I have since 2011, and more. I obviously use it for every single one of my passwords, but I also store other essential information in there such as driver's licence, memberships and credit card data. I <a href="https://support.1password.com/credit-card-address-filling/" rel="noopener">fill payment forms on web pages with the latter</a> and use the same keyboard shortcut to fill in identity data such as my phone number and home address. Shortly before the partnership came into being, I subscribed to <a href="https://1password.com/families/" rel="noopener">1Password families</a> so that my wife and I could share important sensitive information between us in a secure, practical fashion. </p> <hr/> <h3>On using an online service</h3> <p> I'm often asked how I feel about syncing my passwords via 1Password's online service, to which I have 2 responses: Firstly, I need a sync service. I regularly use several different devices and when I sign up to a service on say, my PC, I also want access to the credentials on my iPhone. Plus, I want the ability to securely share secrets with family so there needs to be a sync service and <a href="https://support.1password.com/sync-options-security/" rel="noopener">they've designed a really solid way of doing this</a>. Secondly, I point people who want to understand more to <a href="https://support.1password.com/1password-security/" rel="noopener">the 1Password security model</a> and if they <em>really</em> want to get down into the details, to <a href="https://1password.com/files/1Password%20for%20Teams%20White%20Paper.pdf" rel="noopener">their whitepaper on the 1Password security design</a>. It goes as deep as you want to go in terms of detail but the big things for me are the fact that they can never see any of my stored passwords, that even if someone got my master password they'd still need a separate &quot;secret key&quot; to gain access to anything sensitive and that they offer two-factor authentication which is required to set up 1Password on any new device. </p> <p> There's a heap of other features beyond those that keep me using 1Password too. For example, <a href="https://support.1password.com/travel-mode/" rel="noopener">travel mode</a> to remove vaults from my devices entirely while I'm on the road, <a href="https://support.1password.com/item-history/" rel="noopener">version history</a> so I can see previously used passwords and super easy browser integration so I can not only login to websites easily, but also generate strong, random passwords for new accounts. </p> <hr/> <h3>Get 1Password and get secure!</h3> <p> I've lived with 1Password day-in and day-out for years now and I've stuck with them for the reasons mentioned here. This is why I'm recommending 1Password on HIBP - because it's the one both my family and I use and it's the best possible thing you can do to improve your online security! </p> </div> <div class="modal fade" id="notifyMeModal" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true"> <div class="modal-dialog"> <div class="modal-content"> <div class="modal-header"> <button type="button" class="close" data-dismiss="modal" aria-hidden="true">&times;</button> <h4 class="modal-title">Notify me</h4> </div> <div class="modal-body" id="notifyMeContainer"> <div class="panel-collapse in" id="notifySubmission"> <form action="/NotifyMe" id="notifyMeForm" method="post" role="form"> <p> Get notified when future pwnage occurs and your account is compromised. </p> <div class="form-group row"> <div class="col-lg-7"> <input class="form-control" data-val="true" data-val-maxlength="The field Email must be a string or array type with a maximum length of &#39;255&#39;." data-val-maxlength-max="255" data-val-regex="That doesn&#39;t look like a valid email address" data-val-regex-pattern="^(?!^.{256})[^\x00-\x1F\*\x7F]+@[^\x00-\x1F\*\x7F]+$" data-val-required="Can&#39;t do much without an email address" id="NotifyEmail" maxlength="255" name="NotifyEmail" placeholder="enter your email address" type="email" value="" /> </div> </div> <div class="form-group row"> <script src="https://www.google.com/recaptcha/api.js" async defer></script> <div class="g-recaptcha" data-sitekey="6Lcb0woTAAAAAJAbo3ToF_yAJMKMsZgSATbQTRmI"></div> </div> <div class="form-group row"> <p class="termsOfUse">Using Have I Been Pwned is subject to <a href="/TermsOfUse" target="_blank">the terms of use</a></p> </div> <div class="validation-summary-valid alert alert-danger" data-valmsg-summary="true" id="notifyError"><ul><li style="display:none"></li> </ul></div> <div class="form-group row" id="notificationSubmitRow"> <input type="submit" value="notify me of pwnage" class="btn btn-primary" /><i class="fa fa-3x fa-cog fa-spin fa-loader" id="notificationLoading" style="display: none;"></i> </div> </form> </div> <div class="panel-collapse collapse" id="notifySuccess"> <p> You've just been sent a verification email, all you need to do now is confirm your address by clicking on the link when it hits your mailbox and you'll be automatically notified of future pwnage. In case it doesn't show up, check your junk mail and if you <em>still</em> can't find it, you can always repeat this process. </p> <hr /> <p class="text-center" id="postNotificationCallsToAction"> <a class="btn btn-primary" id="addAnotherNotification">add another address</a> <a class="socialLink" href="https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fhaveibeenpwned.com" rel="noopener"><i class="fa fa-facebook-square fa-3x"></i></a> <a class="socialLink" href="https://twitter.com/intent/tweet?url=https%3A%2F%2Fhaveibeenpwned.com&amp;text=Have%20you%20been%20pwned%3F%20Get%20told%20when%20you%20are%20with%20a%20free%20%40haveibeenpwned%20subscription" rel="noopener"><i class="fa fa-twitter-square fa-3x"></i></a> </p> </div> </div> </div> </div> </div> <footer> <div class="container text-center"> <hr /> <p> <a href="/Privacy">Privacy policy</a> | <a href="/TermsOfUse">Terms of use</a> </p> <p> <a href="https://www.facebook.com/haveibeenpwned" rel="noopener"><i class="fa fa-facebook-square fa-3x"></i></a> <a href="https://twitter.com/haveibeenpwned" rel="noopener"><i class="fa fa-twitter-square fa-3x"></i></a> <a href="https://www.troyhunt.com/contact/" rel="noopener"><i class="fa fa-envelope fa-3x"></i></a> </p> </div> </footer> <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.7.1/jquery.min.js" integrity="sha512-v2CJ7UaYy4JwqLDIrZUI/4hqeoQieOmAZNXBeQyjo21dadnwR+8ZaIJVT8EE2iyI61OV8e6M8PP2/4hpQINQ/g==" crossorigin="anonymous" referrerpolicy="no-referrer"></script> <script nonce="xsqivFnsbfXg/G3RC7QEt4ZF">(window.jQuery) || document.write('<script src="/scripts/jquery"><\/script>');</script> <script src="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.4.1/js/bootstrap.min.js" integrity="sha512-oBTprMeNEKCnqfuqKd6sbvFzmFQtlXS3e0C/RGFV0hD6QzhHV+ODfaQbAlmY6/q0ubbwlAM/nCJjkrgA3waLzg==" crossorigin="anonymous" referrerpolicy="no-referrer"></script> <script nonce="xsqivFnsbfXg/G3RC7QEt4ZF">($.fn.modal) || document.write('<script src="/scripts/bootstrap"><\/script>');</script> <script src="/scripts/pwned?v=KkF8OaBJocrSdvf45kkWgo5tWa402SohbJylL0Etpeg1"></script> </body> </html>

Pages: 1 2 3 4 5 6 7 8 9 10