Have I been ‘pwned’? Click here to find out safety status of your accounts, passwords
Looking for a new password? Check out the ‘Have I been Pwned?’ website to find out if it’s a safe one.tech Updated: Aug 05, 2017 17:32 IST
Let’s be honest: 123456 and password has for long been our go-to combination whenever prompted for passwords. In fact, 123456 was the most commonly used passwords in 2016, according to password management company Keeper Security. Given the multiple accounts we juggle with everyday, it’s obviously very difficult to remember as many ‘unique’ pattern of numbers and alphabets.
But the problem is, having such ‘weak’ passwords, or using the same set for different account, is not safe at all. What should you do now? Well, a website called “Have I been Pwned?” tells you if your password or account is safe enough.
The website, launched by security researcher Troy Hunt, has more than 300 million passwords that have been compromised in the past. Besides the passwords, you can also check if your email ID has been “pwned”, which essentially means your account has been compromised in a data breach. Hunt claims that as many as 227 websites have been pwned over the years. The number of pwned accounts is quite high at 3,914,073,118. The website also features a list of “Top 10 breaches” with different flags for sensitive breach, unverified breach and spam list (used for marketing).
To get started, enter your email ID in the search bar and click on the ‘pwned?’ button. If your account has ever been hacked or appeared in breached data troves, it will show you a message - “Oh no — pwned!” It will also show you the number of breached troves where your account has appeared. If you want to go deeper into the leak, you will have to subscribe the website.
“A “breach” is an incident where a site’s data has been illegally accessed by hackers and then released publicly. Review the types of data that were compromised (email addresses, passwords, credit cards etc.) and take appropriate action, such as changing passwords,” the website explains.
If you have subscribed, the website provides an in-depth analysis of these breached sites. “In May 2016, LinkedIn had 164 million email addresses and passwords exposed. Originally hacked in 2012, the data remained out of sight until being offered for sale on a dark market site 4 years later. The passwords in the breach were stored as SHA1 hashes without salt, the vast majority of which were quickly cracked in the days following the release of the data,” it reads.
Hunt explains on the blog, “The point of the web-based service is so that people who have been guilty of using sloppy passwords have a means of independent verification that it’s not one they should be using any more. Mind you, someone could actually have an exceptionally good password but if the website stored it in plain text then leaked it, that password has still been ‘burned’.”
If your account has been pwned, we suggest you change your password immediately to a more complicated one and also never use the same password for another account. An ideal password should contain a mix of uppercase and lowercase alphabets, at least one number and one special character, and should be more than eight characters strong.