Have I Been Pwned teams up with 1Password to improve post-security breach advice
Data breach checking website Have I Been Pwned (HIBP) -- used by governments and individuals around the world -- has announced a new partnership with 1Password.
The arrangement is a first for Troy Hunt's site, but it comes just over a month after 1Password started using a password-checker he developed. Hunt says that he has turned down numerous offers to sponsor Have I Been Pwned, but feels that teaming up with 1Password makes sense.
- Have I Been Pwned is now used by governments to check for data breaches
- Firefox's 'master password' system can be easily bypassed using brute force
- How to export your saved passwords from Chrome
Until now, Have I Been Pwned has been able to advise people about when their email address and passwords have been involved in a data breach or hack attack. Now, rather than simply telling people that they need to take steps to secure their accounts and protect their password in such cases, HIBP specifically recommends that people turn to 1Password.
In a blog post talking about the partnership, Hunt says that the point at which his site informs people about a security breach is precisely when they should be directed to a particular tool that can help them:
This is the best place ever to be talking about password managers. This is that point at which the penny drops, the one where people come to that realization of "ah, now I see the problem". But it's not just 1Password being highlighted here either, there's a call to go and turn on 2FA and also to subscribe to HIBP notifications because both of those things are very positive steps for improving one's security posture. This is where people are going to be the most open to the suggestion that they need a different way of doing passwords. And the reality of it is, HIBP does lead to positive changes in people's security posture.
The reason for choosing 1Password over other similar services is down to the simple fact that Hunt is very impressed by it. He says:
Working with 1Password was the obvious choice for a number of reasons, the most obvious being my long-standing history with them. This is a product I was already endorsing by my own free volition and from the perspective of my own authenticity, that was very important.
Hunt makes no secret of the fact that the relationship between HIBP and 1Password is a commercial one, but details of the deal have not been revealed.