Easily find duplicate passwords in your logins

As pointed out by Glen on our post about the Gawker hack, there’s an easy way to quickly determine where you’ve used a certain username/password combination, whether it’s already been compromised or you just want to improve your web security before something happens (we recommend the latter).

You probably know by now that the only way to be secure on the web is to use unique passwords on every. single. site. If a password is re-used, even on a site that you don’t consider confidential, that password can be tried all across the web until less savory individuals find the one it works on that you didn’t want anyone getting into. That being said, anyone who’s been on the web for more than a few years likely has a plethora of duplicate passwords on sites they may not even remember existed. If you’ve been using 1Password, here’s how you can find them and fix them.

In 1Password, go to File > New Smart Folder, and you’ll get a bar at the top which lets you define criteria for the smart folder. In its simplest incarnation, you can just choose the password criteria and enter a password you’ve used more than once. Any logins with the same password will show up in the new folder. If you want to narrow it down to just items with the same username and password, simply hit the “+” button on the right to add a Username criteria and enter the email or username that you want to find.

Now you can start the somewhat tedious task of changing logins, but at least you’ll have a roadmap!

21 replies
  1. Mark
    Mark says:

    It would be way nicer if there were a smart folder or menu item to check for duplicate passwords; that way I don’t have to go through each one to make sure I’ve used it only once!

    Consider this my feature request, thanks!

  2. jim
    jim says:

    This is also a handy tip to keep track of related sites with different domains or sub-domains that use the same account to log in.

  3. Jim Parr
    Jim Parr says:

    Thanks. I just did that, and found six sites with an old common password. They all now have separate, much more secure passwords.

  4. David Emme
    David Emme says:

    “Easy”? I don’t think so.

    If I have 25 passwords and want to check for duplicates, I have to do (via “Smart Folders”) 25 separate manual searches. That’s not “easy”, that’s “generate and test”.

    “Easy” is when the software does the work. I click a button, choose a menu item, or set up a Smart Folder with “Duplicated passwords” as a criterion, and 1Password finds all the duplicates for me in one swell foop.

    Maybe a feature request? (if it’s not already on your list…)

  5. Brooke Kuhlmann
    Brooke Kuhlmann says:

    I wanted to mention that while the Smart Folder idea is a nice tip what would be better is if you provided a tool via the menu bar that was “Find Duplicate Passwords”. I don’t really want to work harder than I have too. :)

  6. Chris
    Chris says:

    I don’t see File-> New Smart Folder, only New Folder… (Windows). You have this listed as Posted in 1Password for Windows so uhm….where is this feature at for Windows users?

    • Brett
      Brett says:

      My mistake. I primarily use the Mac version and forgot that the Windows version doesn’t have Smart Folders yet. Sorry about that!

  7. fellowweb
    fellowweb says:

    As several of the above comments underline, some kind of “identify duplicate passwords” function would be very welcome.

    Could you please comment on whether this is on your short to mid term roadmap?

    Thank you for your great work on 1Password!

    • fellowweb
      fellowweb says:

      PS: It would be of great help if one could either subscribe to email notification on new comments/replies or could (actually) subscribe to the comments RSS feed of the article. Currently, I cannot follow helpful comments here without manually checking by every other day. Thank you for considering this!

    • Brett
      Brett says:

      I’m unable to comment on a timeline, but I’ve submitted the feature request and it is being seriously considered. Thanks to everyone requesting this for the idea!

  8. kikoku
    kikoku says:

    As above, “Duplicate Passwords Finder” would be very welcome.. maybe in Help>Tools or Trobleshooting menu; it’s a special and occasionally-used function.

    ALTERNATIVE TIP: If you have so many username/passwords to control, consider the “File>Export All>Text File…” command (you can check only “title”, “username” and “password”) and compare all data in one shot in a spreadsheet application (ordering columns by name).

  9. Carlos Sanabria
    Carlos Sanabria says:

    Here’s an interesting feature request: What if I WANT to have duplicate passwords? For example, at my company I have to access many web sites that all have the same password, if I change one of them, they will all change, since they use a common authentication database.

    So a functionality like “Application Groups” were they all have the same passwords everytime, will make things much easier when I have to change my corporate password!

    Thank you, I keep making such an AWESOME product!

  10. Gabriel
    Gabriel says:

    This is a great trick… but there’s also a flip side to this problem.

    Here at $job, we have many many many internal websites needed for doing our job, and they all have authentication. The authentication all points back to our ActiveDirectory server, which means all these sites have to have the same password. It’s no big deal in terms of security, as they’re on a private network.

    However, it’s a pain to have to update 20+ passwords in 1P when my password changes every month due to security policies.

    It would be great if I could have this username+password defined in one place, and then link it to these sites…

    I can haz feechur rekwest?

  11. Roman
    Roman says:

    I just started to play with 1Password and I am stumped. It is very convenient, but claims that it is secure are out of place. Suppose I save a login information to my brokerage. If I leave my computer on, anybody can gain access with one click. Why do I have to guard the Master Password? To edit information that will be accessible to anybody? What am I missing?

    • Brett
      Brett says:

      Hi Roman,

      1Password can operate the way you suggest, but it somewhat defeats the purpose (although it does make an excellent form-filler). If you set your preferences to lock after a timeout, lock when sleeping, and enable automatic locking and the master password (see this image), you can make sure that no one without your master password can get to any of the data you’ve stored in 1Password. It’s up to the user to decide how much security they need, and there’s a convenience tradeoff for higher levels of protection (i.e. repeatedly entering your master password). When it’s locked, though, it’s encrypted, secure and impenetrable. If you have any questions, you can check our 1Password support page, or contact us directly!

  12. Doug
    Doug says:

    Just adding to this post – another simple way of checking for duplicate passwords is to use the search field. Start typing any password you think you may have used more than once, and make sure “Everywhere” and “Password” are selected in the criteria bar that pops down below the search box, and you have a quick set of results without needing to create a smart folder.

    If you do want a smart folder for that search query, just click “Save” on the right side of the search criteria bar, and a smart folder for that same query will be added to your sidebar.

    I love 1Password for how easy it makes small tasks like this. Cheers.

  13. pamelalevy
    pamelalevy says:

    I bought this app many months ago on an airplane whn I read about it. I set it up at that time and I have never used it because……I can’t remember my password. Oy. So now what I don’t see any possible way to reset. Do I just keep trying?

Comments are closed.