With millions of passwords leaked and released publicly there are significant chances that the password you think is secure has already been leaked and available in some shady database. If you have been using the same password for a long period of time, then it is a good idea to make sure it hasn’t been leaked already by verifying its integrity.
There are many sites that let you enter your password and check if that same password is available in a publicly available database of leaked passwords. However using such websites is also risky as they too might end up leaking your password in the wild.
A Siri Shortcut called PwnedWord makes it possible for users to securely check if their password is leaked online using a secure k-anonymity technique. With this technique the Shortcut will hash the password and only send first 5 characters of the hash to pwnedpasswords.com. Then the pwnedpasswords.com website will return a list of all possible matching passwords to your device based on the 5 letter hash that was sent to it. Upon receiving the list of possible matching passwords the shortcut will then match the strings of the received hashes with your password’s full hash to determine if there’s a match. If there is a match it will let you know that your password has been leaked.
What I particularly like about this shortcut and the k-anonymity method it uses to verify password’s security is that your actual password or its full hash does not leave your device and the actual matching and verification is done on the iPhone once potential matches are received, leaving no chances of hackers to get your secured password.
The Shortcut will tell you that you have done a good job if you have a truly secure password, which has not been leaked previously. Otherwise it will let you know how many instances of your password were found online and that you should stop using it immediately.
The stock Shortcuts app has been a great addition to iOS, as people keep creating some amazing Shortcuts to take advantage of its capabilities, and PwnedWord is definitely one of them.
You will need to enable the ‘Allow Untrusted Shortcuts‘ option before you download PwnedWord on your iOS device. You can download the PwnedWord Shortcut here.
