Miscellaneous

How do you know my password was in a data breach?

Termius checks the password using the haveibeenpwned.com service (HIBP). The Termius app searches for the first 5 characters of SHA-1 of the user-provided password in HIBP API per the Cloudflare k-anonymity implementation.

Termius never sends the original (unencrypted) password or enough information to discover what the original password is.

Example

  • The password is pa$word.

  • SHA-1 of the password will be 617ADCC02712A40E76254BA1F3A26AF660F98EC7.

  • The first 5 characters are SHA-1 of the password is 617AD, the rest is CC02712A40E76254BA1F3A26AF660F98EC7.

Here are the search results: https://api.pwnedpasswords.com/range/617AD.

...
CC02712A40E76254BA1F3A26AF660F98EC7:96
...

This data tells us the password has been leaked in 96 breaches.

How to search in the terminal?

The search is currently available in the desktop app only.

MacOS
Windows / Linux
MacOS

Press Cmd + F or choose Edit > Find from the Mac menu bar to start searching.

To scroll through the search results:

  • Press Enter or click > to find the next search result.

  • Press Shift + Enter or the < button to jump to the previous search result.

Once you're done searching, press Esc or click ✔.

Windows / Linux

Press Ctrl + Shift + F to start searching.

To scroll through the search results:

  • Press Enter or click > to find the next search result.

  • Press Shift + Enter or click < to find the previous search result.

Once you're done searching, press Esc or click ✔.

You can change the search shortcuts from Preferences > Shortcuts.