Introduction

In this article, you will learn about Exposed Passwords, which is a category in the Password Health report that you receive with our premium subscription plan.

 

This allows you to see if any of your passwords have been exposed as part of a data breach on the dark web.

 

How to use Exposed Passwords?

  1. Head to Password Health in the NordPass application.
  2. Press “Scan My Passwords”.
  3. You will see all the accounts that you need to update in order to stay secure.
  4. You can also see whether your password is exposed in the item details.

 

How do Exposed Passwords work?

We use a secure third-party provider to compare your passwords against a database of known exposed passwords found on the dark web. The process is done in a secure and private way, and your actual passwords never leave your device:

  1. NordPass hashes all of your vault’s passwords in order to make them unrecognizable.
  2. A tiny snippet is taken from each hashed password and mixed in with similar random hashes.
  3. NordPass receives all matching results from the third-party service.
  4. Filtering and processing then happen directly on your device.
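
The four steps above describe a hash-prefix lookup. A sketch of that flow follows as an added example, not NordPass code. SHA-1, the 5-character prefix, the decoy count, the in-memory `provider_lookup` stand-in and the sample vault are all assumptions, because the article does not name the hash, the snippet length or the provider.

```python
import hashlib
import secrets

PREFIX_LEN = 5  # assumption: hex characters of each hash that leave the device

def sha1_hex(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

# Constructed stand-in for the provider's corpus, bucketed by hash prefix.
PROVIDER_INDEX = {}
for _pw in ["P@assw0rD", "123456", "qwerty", "letmein"]:
    _h = sha1_hex(_pw)
    PROVIDER_INDEX.setdefault(_h[:PREFIX_LEN], set()).add(_h[PREFIX_LEN:])

def provider_lookup(prefixes):
    """Provider side: sees prefixes only, returns every suffix in each bucket."""
    return {p: PROVIDER_INDEX.get(p, set()) for p in prefixes}

def build_query(vault, decoys=8):
    """Steps 1-2: hash locally, keep only the prefix, mix in random decoys."""
    full = {name: sha1_hex(pw) for name, pw in vault.items()}
    real = {h[:PREFIX_LEN] for h in full.values()}
    query = set(real)
    while len(query) < len(real) + decoys:
        query.add(secrets.token_hex(3)[:PREFIX_LEN].upper())
    return full, sorted(query)  # sorted so position does not mark the real ones

def find_exposed(vault, decoys=8):
    full, query = build_query(vault, decoys)
    response = provider_lookup(query)               # step 3: candidate matches
    return sorted(name for name, h in full.items()  # step 4: filter on-device
                  if h[PREFIX_LEN:] in response[h[:PREFIX_LEN]])

# Constructed sample vault: item name -> password.
VAULT = {"example-mail": "P@assw0rD",
         "example-bank": "c0rrect-h0rse-battery-staple-91"}

if __name__ == "__main__":
    print(find_exposed(VAULT))
```

The provider only ever receives the sorted prefix list, so it cannot tell which prefixes are real or which full hash a real prefix belongs to; the match decision is made against the full hash that stayed on the device.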

 

How are Exposed Passwords different from Weak Passwords?

Fundamentally, “algorithmically” Weak Passwords are easily guessable by malicious actors, whereas Exposed Passwords are already out on the dark web.

 

It is common for weak passwords to also be exposed; however, it is not always the case. On the other hand, an “algorithmically” strong password may still be exposed if the account was breached or the password uses a common pattern (e.g., P@assw0rD).

 

To create truly unique and strong passwords, we recommend using our Password Generator.

 

How are Exposed Passwords different from the Data Breach Scanner?

  • The Data Breach Scanner monitors your provided email addresses for any links to leaked information on the dark web. The information found is not always an email & password combination; it can also be other personally identifiable information stolen from a social network or another service.
  • Exposed Passwords scans your passwords against a database of known exposed passwords on the dark web. These passwords may not necessarily belong to you. Regardless, they are no longer safe to use and should be changed immediately.

 

There are times when both tools will work together. If the breach in the Data Breach Scanner happens to include a plain-text password, and you have the same password stored in your vault, you will see it in Exposed Passwords, too.

Note: if your password is exposed as part of a data breach, immediately change the password on the breached account and other accounts that use the same or similar email/username & password combination.

 

Can my organization use Exposed Passwords?

In order to enable Exposed Passwords for your organization, you will need to turn on this feature in the admin panel. Users of the organization will be automatically enrolled in the feature, so no additional opt-in will be required.

 

If you change your mind and disable Exposed Passwords, all organization users will no longer see it in the Password Health report, and your admin dashboard will also hide it.

Note: All data related to Exposed Passwords is removed when it is disabled.

 

Can I opt out if I change my mind?

If you want to opt out of using Exposed Passwords, follow these steps:

  1. Navigate to the application settings.
  2. Find “Exposed Passwords” and switch the toggle to the “OFF” position.
  3. Once you opt out of the feature, all data is removed, and no further scanning will take place. If you ever want to use Exposed Passwords again, you can use the settings toggle or opt in directly via the Password Health report as you did the first time.
