Password Health: Exposed Passwords FAQ

Exposed Passwords

Exposed Passwords is a new category in the Password Health report that comes with your premium NordPass subscription. It allows you to see if any of your passwords have been exposed as part of a data breach on the dark web.

 

How to use Exposed Passwords?

Follow these steps to access Exposed Passwords:

  1. Navigate to the Password Health tool in the NordPass application and press Scan My Passwords. When initiating a scan for the first time, you will have to agree to our privacy policy.



  2. In the Exposed Passwords category, you will see all the accounts that you need to update in order to stay secure.



  3. You can also see whether your password is exposed in the item details.


How do Exposed Passwords work?

As with the Data Breach Scanner, we use a secure third-party provider to compare your passwords against a database of known exposed passwords found on the dark web. The process is done in a secure & private way, and your actual passwords never leave your device. To find out how we process your data, read below.

 

How can I make sure my passwords are secure when using Exposed Passwords?

NordPass takes several measures to ensure the safety and privacy of you and your vault.

  1. NordPass hashes all of your vault’s passwords in order to make them unrecognizable.



  2. A tiny snippet is taken from each hashed password and mixed in with similar random hashes.



  3. NordPass receives all matching results from the third party service.



  4. Filtering and processing then happen directly on your device.
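
The four steps above, sketched as an added example that is not NordPass code. The hash function (SHA-256), the snippet length (5 hex characters), the decoy count, every function name and the in-process stand-in for the third-party service are assumptions, since the page does not specify them.

```python
import hashlib
import secrets

PREFIX_LEN = 5  # assumed snippet length, in hex characters
DECOYS = 3      # assumed number of random decoy snippets per scan

def digest(password: str) -> str:
    # SHA-256 is an assumption; the page does not name the hash function.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

def build_query(vault: dict) -> tuple:
    """Steps 1-2: hash every password, keep full hashes local, emit snippets."""
    local = {name: digest(pw) for name, pw in vault.items()}
    real = {h[:PREFIX_LEN] for h in local.values()}
    outgoing = set(real)
    while len(outgoing) < len(real) + DECOYS:
        outgoing.add(secrets.token_hex(3)[:PREFIX_LEN])  # random decoy
    # Sorting removes any ordering hint about which snippets are real.
    return sorted(outgoing), local

def breach_service(prefixes: list, corpus: list) -> dict:
    """Step 3: stand-in for the provider, which only ever sees snippets."""
    return {p: [h for h in corpus if h.startswith(p)] for p in prefixes}

def exposed_items(local: dict, response: dict) -> list:
    """Step 4: on-device filtering by full-hash comparison."""
    candidates = {h for hashes in response.values() for h in hashes}
    return sorted(name for name, h in local.items() if h in candidates)

def scan(vault: dict, corpus: list) -> tuple:
    prefixes, local = build_query(vault)
    return prefixes, exposed_items(local, breach_service(prefixes, corpus))

# Constructed sample data: a toy breach corpus and a two-item vault.
BREACH_CORPUS = [digest(p) for p in ("P@assw0rD", "123456", "qwerty")]
VAULT = {"mail": "P@assw0rD", "bank": "x9!Lq#v2Tz-constructed-example"}

if __name__ == "__main__":
    sent, exposed = scan(VAULT, BREACH_CORPUS)
    print("snippets sent to the service:", sent)
    print("exposed vault items:", exposed)
```

Any hashes returned for a decoy snippet are discarded in the last step, because only a full-hash match against an item in the local vault counts as exposed.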



How are Exposed Passwords different from Weak Passwords?

First of all, we highly recommend that you change your weak passwords.

Fundamentally, “algorithmically” Weak Passwords are easily guessable by malicious actors, whereas Exposed Passwords are already out on the dark web.

It is common for weak passwords to also be exposed; however, this is not always the case. An “algorithmically” weak password may still be known only to you. On the other hand, an “algorithmically” strong password may still be exposed if the account was breached or uses a common pattern (e.g., P@assw0rD).

To create truly unique and strong passwords, we recommend using our Password Generator.

 

How are Exposed Passwords different from the Data Breach Scanner?

The Data Breach Scanner monitors your provided email addresses for any links to leaked information on the dark web. The information found is not always an email & password combination; it can also be other personally identifiable information stolen from a social network or another service.

Exposed Passwords, on the other hand, scans your passwords against a database of known exposed passwords on the dark web. These passwords may not necessarily belong to you. Regardless, they are no longer safe to use and should be changed immediately.

Now, there are times when both tools will work together. If the breach in the Data Breach Scanner happens to include a plain-text password, and you have the same password stored in your vault, you will see it in Exposed Passwords, too.

Please note: if your password is exposed as part of a data breach, immediately change the password on the breached account and other accounts that use the same or similar email/username & password combination.

It is extremely easy for malicious actors to reapply your exposed credentials across hundreds of common websites to break into other accounts and steal valuable information.

Can my organization use Exposed Passwords?

Yes. In order to enable Exposed Passwords for your organization, you will need to turn on this feature in the admin panel. Users of the organization will be automatically enrolled in the feature, so no additional opt-in will be required.

If you change your mind and disable Exposed Passwords, all organization users will no longer see it in the Password Health report and your admin dashboard will also hide it. Likewise, all data related to Exposed Passwords is removed.

Can I opt out if I change my mind?

If you want to opt out of using Exposed Passwords, follow these steps:

  1. Navigate to the application settings.

  2. Find Exposed Passwords and switch the toggle to the OFF position.

Once you opt out of the feature, all data is removed and no further scanning will take place. If you ever want to use Exposed Passwords again, you can use the settings toggle, or opt in directly via the Password Health report as you did the first time.
