This extension arose after Collection #1 and the collections that followed it were released. Collection #1 was an 87 GB database with no fewer than 22 million unique passwords that had been leaked online. In total there were five similar databases, which had a very large international reach.
HIBP Offline Check appeared to make it easier to check whether passwords have been leaked online. With it, you can use KeePass to simplify the whole process.
Steps to find leaked passwords with KeePass
We are going to explain the steps needed to install the HIBP Offline Check plugin in KeePass and use it to check whether our passwords have been leaked at any time. Basically, we have to install KeePass and then add the extension.
The first requirement is to have KeePass installed. If you don't have it installed, you can download it from its official website. There you will find the different versions available, depending on the operating system. We can use it on Windows, as well as Linux or macOS.
It is important to always have the latest version installed. This allows it to work as well as possible and also corrects security flaws that may affect us. After all, we are entrusting our passwords to it, so it is essential that it works as well as possible.
Download HIBP Offline Check
Once we have KeePass ready, the next thing we have to do is download HIBP Offline Check. We can do it from GitHub. You just have to download the application and install it on your Windows computer.
This first step links KeePass with HIBP Offline Check, and we can then continue toward our final objective: checking for passwords that have been leaked on the Internet and that we must change as soon as possible to avoid problems.
Configure the extension
The next step is to configure the extension so that it can check passwords. We open the Tools menu and choose HIBP Offline Check. A configuration window will appear.
If we have a password database downloaded to our computer, we select the offline check mode. This lets us compare our passwords without connecting to the Internet and see whether any of them is part of the Collection databases.
However, to use this function we have to download the entire database, which occupies more than 20 GB. For many users, therefore, the best option may be the online check mode, which checks passwords directly against Have I Been Pwned through its API. We can also set the name of the column that the plugin displays and its default message.
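How an offline check of this kind can work, as an added example that is not the plugin's own code. It assumes the downloaded database is a text file with one uppercase SHA-1 hash and a count per line (`HASH:COUNT`), sorted by hash; the function names, the column text format and the sample data are hypothetical and constructed for illustration.

```python
import hashlib
import io

def sha1_hex(password: str) -> bytes:
    """Uppercase SHA-1 hex digest: the assumed key format of the downloaded list."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper().encode("ascii")

def pwned_count(db, password: str) -> int:
    """Binary-search a seekable file of hash-sorted 'SHA1:COUNT' lines by byte
    offset, so a multi-gigabyte file is never loaded. Returns 0 if not listed."""
    target = sha1_hex(password)
    lo, hi = 0, db.seek(0, io.SEEK_END)   # a match, if any, starts in [lo, hi)
    while lo < hi:
        mid = (lo + hi) // 2
        db.seek(max(mid - 1, 0))
        if mid:
            db.readline()                 # advance to the first line start >= mid
        pos = db.tell()
        line = db.readline()
        if pos >= hi or not line:
            hi = mid                      # no line begins in [mid, hi)
            continue
        digest, _, count = line.strip().partition(b":")
        if digest == target:
            return int(count)
        if digest < target:
            lo = pos + len(line)          # match lies after this line
        else:
            hi = mid                      # match lies before this line
    return 0

def column_text(db, password: str) -> str:
    """Hypothetical column value: 'Secure', or 'Pwned' with the leak count."""
    n = pwned_count(db, password)
    return "Secure" if n == 0 else f"Pwned ({n} occurrences)"

def build_sample_db() -> io.BytesIO:
    """Constructed stand-in for the real download; the counts are invented."""
    sample = {"123456": 7, "password": 3, "qwerty": 5, "letmein": 2, "hunter2": 1}
    lines = sorted(sha1_hex(p) + b":" + str(c).encode() for p, c in sample.items())
    return io.BytesIO(b"\r\n".join(lines) + b"\r\n")

if __name__ == "__main__":
    db = build_sample_db()
    for pw in ("qwerty", "hunter2", "not-in-sample"):
        print(pw, "->", column_text(db, pw))
```

Only the hash of the password is compared against the file, and nothing leaves the machine, which is the point of the offline mode.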
Configure the columns
Next, we show the HIBP Offline Check column in the password list. To do this, open the View menu and click Configure Columns, then enable the Have I Been Pwned column.
The extension automatically checks each password and tells us whether it is safe or has been leaked in a known database. We can even see the number of times that password appears across all the databases, so we can tell whether it is an isolated case or whether we are using very common passwords.
By following these steps we can therefore see, thanks to KeePass and the HIBP Offline Check extension, whether our passwords have been leaked. This helps us take action as soon as possible to keep intruders out of our social media, email, or any other service we use.
What to do if passwords have been leaked
But what should we do if we see that passwords have been leaked? Obviously we must take action as soon as possible to reduce the risk of problems. If we see the message Secure when analyzing the passwords, it means that they are safe and there is no problem with them. However, this does not guarantee that a password has not been stolen by other means.
If the message Pwned appears, it means that the password has been leaked. This is when we especially need to take action. The first thing to do is change the password as soon as possible. We can even use the KeePass password manager to generate a totally secure one that meets the recommended requirements.
There are more options for generating strong passwords, such as the Qey password manager. It is a quantum generator that allows you to use passwords that are as secure as possible, totally random and unique.
But beyond changing the password, we must also enable two-step authentication whenever possible. This adds an extra layer of security, which comes in handy for protecting our social media accounts or any online service we use.
In short, with this extension for KeePass you can check whether your passwords have been leaked. It is a very useful option, since it has a large database against which you can compare passwords. If you see that you have been the victim of a leak, you should act as soon as possible and change the passwords.