keepassxreboot / keepassxc

KeePassXC is a cross-platform community-driven port of the Windows application “Keepass Password Safe”.
https://keepassxc.org/

Warn about breached passwords #2009

Closed bannmann closed 6 years ago

bannmann commented 6 years ago

1Password recently introduced a feature called Watchtower that checks all passwords inside the user's database to see whether they have appeared in a data breach. It uses Troy Hunt's Pwned Passwords v2 service, which ensures that nobody can brute-force the password being checked (look for "k-Anonymity" in the linked post).

I propose adding a similar feature to KeePassXC. The basic idea is that users easily get a quick overview of how many and which passwords have been breached and thus should be changed. I imagine this would trigger as soon as a database is loaded, not only when an entry is added/edited.

While the k-Anonymity model ensures that the passwords stay safe, I assume one could design this feature to be opt-in to counter any perceptions of KeePassXC becoming less secure.
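Added example (not part of the issue thread and not KeePassXC code): a sketch of the k-Anonymity range lookup the proposal relies on, where only the first five hex characters of each password's SHA-1 leave the client and the suffix match happens locally. The names `split_hash`, `breach_count`, `audit` and `FakeRangeService` are hypothetical; the fake service is an offline stand-in fed with constructed data.

```python
import hashlib
from typing import Callable, Dict, List, Tuple


def split_hash(password: str) -> Tuple[str, str]:
    """SHA-1 the password; return (5-char prefix to send, 35-char suffix kept local)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def breach_count(password: str, fetch_range: Callable[[str], str]) -> int:
    """Return how often the password appears in the corpus, 0 if absent."""
    prefix, suffix = split_hash(password)
    # The service answers with every "SUFFIX:COUNT" line sharing the prefix;
    # the comparison against our own suffix happens on the client.
    for line in fetch_range(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0


def audit(entries: Dict[str, str], fetch_range: Callable[[str], str]) -> Dict[str, int]:
    """Check every entry of a loaded database; return {title: count} for breached ones."""
    cache: Dict[str, str] = {}

    def cached(prefix: str) -> str:
        if prefix not in cache:  # one request per distinct prefix
            cache[prefix] = fetch_range(prefix)
        return cache[prefix]

    counts = {title: breach_count(pw, cached) for title, pw in entries.items()}
    return {title: n for title, n in counts.items() if n > 0}


class FakeRangeService:
    """Offline stand-in for the range endpoint (a real client would GET
    https://api.pwnedpasswords.com/range/<prefix>). Records what it is sent."""

    def __init__(self, breached: Dict[str, int]):
        self.seen: List[str] = []
        self._rows = {"".join(split_hash(p)): n for p, n in breached.items()}

    def __call__(self, prefix: str) -> str:
        self.seen.append(prefix)
        return "\r\n".join(f"{h[5:]}:{n}" for h, n in self._rows.items()
                           if h.startswith(prefix))
```

Passing `FakeRangeService({...})` as `fetch_range` lets you inspect `seen` afterwards and confirm that nothing longer than a five-character prefix was ever sent.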

TheZ3ro commented 6 years ago

Duplicate of #1597 and #1083