Check your 1password exported passwords (`.1pif` files) against https://haveibeenpwned.com/Passwords in bulk using using a k-Anonymity model
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.gitignore
LICENSE
Pipfile
Pipfile.lock
README.md
cli.py
hibp.py
screenshot1.png
screenshot2.png
screenshot3.png

README.md

1passpwnedcheck

Check your 1password exported passwords (.1pif files) against https://haveibeenpwned.com/Passwords in bulk using using a k-Anonymity model.

This means your passwords are never sent to the API only the first 5 characters of a SHA-1 password hash. Read more

Prerequisites

Make sure you have the following installed

  • Python 3
  • pipenv
  • 1password .1pif exported file.

Export your 1password items

You can either export only login items OR all items up to you.

File > Export > All Items OR File > Export > Selected Items

Make sure you select 1Password Interchange Format (.1pif) as your file format.

Remember this file is not encrypted so make sure you securely delete it afterwards

Running / Checking your passwords

  1. Clone / Download the repo
  2. Install dependencies pipenv install
    • After installation is done run: pipenv shell
  3. Run the following command
python cli.py --file=path/to/your/filename.1pif

NOTE: A .1pif file is just a directory with all your stuff in it so make sure you pass the path to the directory NOT the data.1pif file located inside.

Example structure of a .1pif document

├── filename.1pif
│   └── data.1pif

Now just wait for script to finish and check the .csv report generated at the end to see how many passwords you need to go change!

The csv file generated is not encrypted and contains your passwords so make sure you securely delete it afterwards!

screenshot1 screenshot2 screenshot3

Credits