1passpwnedcheck
Check your 1password exported passwords (.1pif files) against https://haveibeenpwned.com/Passwords in bulk using using a k-Anonymity model.
This means your passwords are never sent to the API only the first 5 characters of a SHA-1 password hash. Read more
Prerequisites
Make sure you have the following installed
- Python 3
- pipenv
- 1password .1pif exported file.
Export your 1password items
You can either export only login items OR all items up to you.
File > Export > All Items OR File > Export > Selected Items
Make sure you select 1Password Interchange Format (.1pif) as your file format.
Remember this file is not encrypted so make sure you securely delete it afterwards
Running / Checking your passwords
- Clone / Download the repo
- Install dependencies
pipenv install- After installation is done run:
pipenv shell
- After installation is done run:
- Run the following command
python cli.py --file=path/to/your/filename.1pif
NOTE:
A .1pif file is just a directory with all your stuff in it so make sure you pass the path to the directory NOT the data.1pif file located inside.
Example structure of a .1pif document
├── filename.1pif
│ └── data.1pif
Now just wait for script to finish and check the .csv report generated at the end to see how many passwords you need to go change!
The csv file generated is not encrypted and contains your passwords so make sure you securely delete it afterwards!
