One of the most serious computer security problems we can face is password theft. There have been many cases in which a leak has put users of an online service, an application, a social network or any other platform at risk. Hackers can use these passwords to launch attacks, steal personal information, and attack others. In this article we are going to talk about the HIBP Offline Check tool.
What is HIBP Offline Check
HIBP Offline Check is an open source tool that combines the utility of the popular Have I Been Pwned service with the KeePass password manager. The objective is to show us if any personal password has been leaked after an attack or problem with any service where we are registered.
Basically it is an extension that we can install in KeePass. Have I Been Pwned is an Internet service that lists passwords that may have been leaked online. It is very useful, since anyone can check whether a personal password has ended up in the wrong hands, for example after an attack on a known service or some other security breach. It is completely free and accessible to everyone.
HIBP Offline Check uses that database, but it acts as a plug-in that we can install directly in KeePass. KeePass is a popular password manager that we can use on different operating systems, and it even has a version for the browser, such as Google Chrome or Mozilla Firefox.
This extension arose after Collection #1 and subsequent ones were released. It was an 87 GB database with no fewer than 22 million unique passwords that had been leaked online. In total there were five similar databases, which had a very large international reach.
To make it easier to check passwords that could have been leaked on the network, HIBP Offline Check appeared. This way you can use KeePass to make the whole process easier.
Steps to find leaked passwords with KeePass
We are going to explain the steps needed to install the HIBP Offline Check plugin in KeePass and thus be able to check at any time whether our passwords have been leaked. Basically, we have to install KeePass and then add that extension.
The first essential is to have KeePass installed. If you don't have it installed, you can download it from its official website. There you will find the different versions available, depending on the operating system. We can use it on Windows, as well as Linux or macOS. It is important to always have the latest version installed. This will allow it to work as well as possible, and also corrects possible security flaws that may affect us. After all, we are going to trust it with our passwords, so it is essential that it works as well as possible.
Download HIBP Offline
Once we have KeePass ready, the next thing we have to do is download HIBP Offline Check. You just have to download the application and install it on your Windows computer. This first step links KeePass with HIBP Offline Check, and we can continue with the process toward our final objective: checking for passwords that have been leaked on the Internet and that we must change as soon as possible to avoid problems.
Configure the extension
The next step is to configure the extension to be able to check the passwords. We open the Tools menu and choose HIBP Offline Check. A window will appear as we can see in the image below.
If we have a password database downloaded to our computer, we have to select the offline check mode. This will allow us to compare our passwords without having to connect to the Internet and thus see if they are part of the Collection databases.
However, in order to use this function we will have to download the entire database, which occupies more than 20 GB. Therefore, the best option for many may be to use the online check mode and check the passwords directly in Have I Been Pwned through its API. We can also give a name to the column that the plugin will show and set the default message.
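To make the difference between the two modes concrete, here is an added Python example (not the plugin's code and not part of the original article). It assumes the downloaded database is a text file of `SHA1:COUNT` lines ordered by hash, and that the online Pwned Passwords range API answers a 5-character hash prefix with `SUFFIX:COUNT` lines; the function names and the sample counts are constructed for the illustration.

```python
import hashlib
import os
import tempfile

def sha1_hex(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def offline_count(path, password):
    """Binary-search a hash-ordered HASH:COUNT file; 0 means not listed."""
    target = sha1_hex(password).encode("ascii")
    with open(path, "rb") as f:
        lo, hi = 0, os.path.getsize(path)
        while lo < hi:
            mid = (lo + hi) // 2
            f.seek(max(mid - 1, 0))
            if mid:
                f.readline()          # advance to the first line starting at >= mid
            line = f.readline()
            if not line or line[:40] > target:
                hi = mid              # a match, if any, starts before mid
            elif line[:40] < target:
                lo = f.tell()         # a match, if any, starts after this line
            else:
                return int(line[41:].decode("ascii").strip())
    return 0

def online_parts(password):
    digest = sha1_hex(password)
    return digest[:5], digest[5:]     # only the 5-character prefix is sent

def count_in_range_response(body, suffix):
    for line in body.splitlines():    # each line is SUFFIX:COUNT
        found, _, count = line.strip().partition(":")
        if found.upper() == suffix:
            return int(count)
    return 0

def build_sample_dump(path):
    sample = {"password": 3, "123456": 7, "qwerty": 2, "letmein": 11, "dragon": 1}  # constructed
    lines = sorted(f"{sha1_hex(p)}:{c}" for p, c in sample.items())
    with open(path, "w", newline="\n") as f:
        f.write("\n".join(lines) + "\n")
    return lines

if __name__ == "__main__":
    path = os.path.join(tempfile.mkdtemp(), "sample-ordered-by-hash.txt")
    lines = build_sample_dump(path)
    prefix, suffix = online_parts("letmein")
    body = "\n".join(l[5:] for l in lines if l.startswith(prefix))  # simulated reply
    print(offline_count(path, "letmein"), count_in_range_response(body, suffix))
```

In offline mode nothing leaves the machine, while in online mode the service sees only the hash prefix and the suffix comparison happens locally.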
Configure the columns
The next thing will be to show the HIBP Offline Check column in the password list. To do this, you have to select the View menu and click on Configure Columns. You have to enable the Have I Been Pwned column.
As we can see, the extension automatically checks the passwords and tells us whether each one is safe or has been leaked within a known database. We can even see the number of times that password is repeated in all databases, so we will see if it is an isolated case or we are using very common passwords.
Therefore, following these steps we can see, thanks to KeePass and the HIBP Offline Check extension, if our passwords have been leaked. This will help us to take action as soon as possible to keep intruders out of our social media, email, or any other service we use.
What to do if passwords have been leaked
But what should we do if we see that the passwords have been leaked? Obviously we must take action as soon as possible and thus reduce the risk of problems. If, when analyzing the passwords, we see the message Secure, it means that they are secure and there is no problem with them. However, this does not guarantee that our password has not been stolen by other means.
If the Pwned message appears, it means that the password has been leaked. This is when we especially need to take action. The first thing is to change the password as soon as possible. We can even use the KeePass password manager to generate a totally secure one that meets the recommended requirements.
There are more options for generating strong passwords, such as the Qey key manager. It is a quantum generator that allows you to use passwords that are as secure as possible, totally random and unique.
But beyond changing the password, we should also enable two-step authentication whenever possible. This will add an extra layer of security, something that will come in handy in order to protect our social media accounts or any online service we use.
In short, with this extension for KeePass you will be able to check if your passwords have been leaked or not. It is a very useful option, since it has a large database against which you can compare your passwords. In case you see that you have been the victim of a leak, you should act as soon as possible and change the passwords.