Passwords are meant to protect our online accounts from third-party access, including scammers and cybersecurity threats, and they do a pretty good job. It’s hard for hackers to crack a strong password just by attacking your accounts directly.
But passwords aren't 100% secure, because even the strongest of them is useless if an online service storing user data is compromised on a large scale. That is why users are advised to protect themselves with password managers and two-factor authentication apps.
However, nefarious entities sell logins compromised in data breaches on dark web markets, so you should also do your due diligence and check whether any of your passwords have been stolen. This article shows you how to do that.
Go to Have I Been Pwned
Have I Been Pwned is a trusted site created in 2013 by Troy Hunt, Microsoft regional director and MVP. It is popular in the cybersecurity world for uncovering data breaches and educating tech professionals. And with details of nearly 11 billion accounts that have been compromised, the tool is the most popular way to determine if your password is secure.
Using the service is easy. On your smartphone or in your PC browser, visit the official Have I Been Pwned website and enter your email address or phone number (with country code). In seconds, it returns details of all data breaches where your credentials were compromised.
Have I Been Pwned also has a few other nifty tools to keep your credentials safe. For example, the password checker allows you to reverse the process and enter your passwords to check if they have been compromised. In addition, registrants can check the security of all emails associated with their domains with a single click using the Domain name search service.
In general, the tool is safe to use. Even for compromised accounts, corresponding passwords are not stored in the database, reducing the risk of further compromise. Also, the implementation of a mathematical feature called k-anonymity and Cloudflare’s help means your entries into the tool are secure.
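The k-anonymity lookup mentioned above, sketched as an added example (not code from Have I Been Pwned or from this article): the client sends only the first five hex characters of the password's SHA-1 hash to the Pwned Passwords range endpoint and compares the returned suffixes locally. `FakeRangeServer` and its breach count are constructed stand-ins so the example runs offline.

```python
import hashlib
import urllib.request

API = "https://api.pwnedpasswords.com/range/"  # Pwned Passwords range endpoint

def split_hash(password):
    """SHA-1 the password; only the 5-character prefix ever leaves the client."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def parse_range(body):
    """Parse 'SUFFIX:COUNT' rows; rows with count 0 are padding and are skipped."""
    hits = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and count.strip().isdigit() and int(count) > 0:
            hits[suffix.upper()] = int(count)
    return hits

def fetch_range(prefix):
    """Live lookup (needs network); the offline demo below does not call it."""
    req = urllib.request.Request(API + prefix, headers={
        "Add-Padding": "true", "User-Agent": "k-anonymity-example"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")

def pwned_count(password, fetch=fetch_range):
    """Match the suffix locally against every row returned for the prefix."""
    prefix, suffix = split_hash(password)
    return parse_range(fetch(prefix)).get(suffix, 0)

class FakeRangeServer:
    """Constructed stand-in for the API (hypothetical helper, runs offline)."""
    def __init__(self, breached):
        self.seen = []  # everything the "server" learns about the client
        self.rows = {}
        for pw, count in breached.items():
            prefix, suffix = split_hash(pw)
            self.rows.setdefault(prefix, []).append(f"{suffix}:{count}")

    def __call__(self, prefix):
        self.seen.append(prefix)
        decoys = ["0" * 35 + ":7", "F" * 35 + ":0"]  # unrelated row, padding row
        return "\r\n".join(self.rows.get(prefix, []) + decoys)

if __name__ == "__main__":
    server = FakeRangeServer({"password": 1234})  # constructed breach count
    print(pwned_count("password", server), pwned_count("k9#Tz!q-unlikely", server))
    print("server saw only:", server.seen)
```

The server's view is limited to `server.seen`: a five-character prefix shared by many unrelated hashes, never the password or its full hash.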
Use the built-in checker tool in password managers
Password managers are the best way to secure your online accounts for many reasons. They suggest passwords and store them in encrypted databases so that you don't have to reuse or remember one. But many good password managers also allow you to check the status (secure or compromised) of your passwords.
For example, Google's Password Manager has a password check feature to diagnose problems with your passwords. Go to Chrome Settings > Privacy & security > Password Manager > Check passwords. Another option is Dashlane, which provides dark web and password health monitoring.
One notable password manager is 1Password, which automatically checks your passwords in the background and warns you of any compromise. It does this through its built-in Watchtower feature, which runs on the Pwned Passwords API. Like Pwned Passwords, it is updated when a new security breach is reported and added to the Have I Been Pwned database. And if any of your passwords is breached in this way, you will receive an instant alert.
Examine your accounts for suspicious activity
Password managers and tools like Have I Been Pwned are good for catching account breaches before they happen. However, most social accounts also regularly send activity information that could reveal potential dangers. For example, Google notifies you of a password change or when an unknown device logs into your account. Always review such emails and take appropriate action as needed.
Google Chrome has many security and privacy features. If you use it as your default browser, watch for pop-ups when entering your passwords online. This is because the app can leverage a database of billions of reported breaches to alert you to a compromise as soon as you log into a site.
Secure your accounts and passwords
The methods covered in this post are useful for checking the security of your passwords, but they are not foolproof. They do not take into account all variables. This is because they check your passwords against existing databases of known and verified breach records. This leaves them blind to unreported compromises.
Delays between the occurrence of a breach and its entry into the database are another blind spot. In other words, if a service is hacked today and the full extent of the data breach has not yet been recorded, your passwords will be reported as clean, even if they were leaked at the time of the breach.
You should take as many precautions as possible to minimize the chance of your account credentials being leaked online. One way is to use one of the best password managers to create and store separate login details for different online services. That way, even if one account's password is compromised, it will not provide easy access to your other accounts.