Passwords are not sent from your host machine. This article explains the process by which the passwords are checked
Website https://haveibeenpwned.com provides a way for you to check whether some of your passwords/usernames were leaked during one of the many breaches of online services. If you are like me, you have a LastPass account with way too many random passwords to check them manually. What this script does:
- logs into LastPass and retrieves its vault
- goes through your entries and checks passwords through the haveibeenpwned API (actual plain passwords are not sent anywhere)
- compiles the results into a report for you to see if you actually were pwned
- install Python 3
- install all the dependencies with
pip install -r requirements.txt - run
python have_i_though.pyand go through the interactive prompt
- Have I Been Pwned service and its author Troy Hunt
- lastpass-python with his unofficial API around LastPass