How to Make Sure Your Passwords Aren’t Stolen

One of the benefits of a strong password is that it does not need to be changed. As long as it is strong, unique, and has not been compromised by an attacker, you will not gain any security benefits by changing it according to an arbitrary schedule. Just let it be.

What you should monitor is whether any of your passwords have been compromised in one of the many data breaches you are likely to be caught up in, recently or ever. Obviously, when this happens, changing the affected password should be your top priority. But many people don’t. According to the latest Google research:

“… we are implementing a cloud service that provides access to over 4 billion hacked credentials and a Chrome extension that acts as the starter client. Based on anonymous telemetry of nearly 670,000 users and 21 million logins, we found that 1.5% of Internet logins were associated with compromised credentials. By alerting users to this violation status, 26% of our alerts result in users switching to a new password that is at least as strong as the original.”

I’m not sure why a person won’t change their password when they find out that it has been hacked, but the message may not be clear enough. Worse, imagine all the cracked passwords that people don’t check – after all, you’re not going to change what you don’t think is cracked.

While the first part of this paragraph is entirely up to you, we can help with the second half. You can use a variety of tools (free or paid) to alert you that it might be time to change your password. Here are a few of our favorites – pick one or more to use right now.

Google Password Checkup extension

If you’re a Chrome fan, and most people are, consider installing the Google Password Checkup extension. It will sit in the background of your browser and will not do anything of note until you log in to a site. When you do, it will check whether your account credentials have been leaked in a data breach. If so, it will tell you that it’s time to change your password, and you should definitely follow its advice.

And no, this extension will not reveal your passwords by checking them. As Google writes:

“We have developed a password checker using privacy technologies to never disclose this personal information to Google. We also developed a password checker to prevent an attacker from using it to identify insecure usernames and passwords. Finally, all statistics provided by the extension are anonymous. These metrics include the number of searches that encounter insecure credentials, whether an alert triggers a password change, and the web domain used to improve site compatibility.”

Have I Been Pwned

This one is even easier. Submit your email address to Have I Been Pwned via the “notify me” feature and you will receive an alert when your email address (and everything associated with it) is hacked. There is no reason not to use this free service, unless you are cagey and use different email addresses for multiple services. If so, consider using a third-party service like Badrap to check multiple accounts in the Have I Been Pwned database.

And we hardly need to say it, but we’re going to say it: when you receive an email that your account has been hacked, please change your password for this service. Make a unique password; make a strong password. And change this password on other services if you were lazy and used the same password for everything.

Firefox Monitor

Here’s a not-so-big secret: Firefox Monitor offers the same “notify me if my email is leaked” service as Have I Been Pwned. In fact, it also uses the Have I Been Pwned database.

While Firefox Monitor is basically a modified version of Have I Been Pwned, it’s still worth knowing about. If you’re a big Firefox fan and that’s the only thing that convinces you to subscribe to this useful service, so much the better.

1Password

If you pay for 1Password (which you should, since it’s a great password manager), you have access to its Watchtower feature. There is no reason not to pay attention to this important service, as it will alert you whenever passwords you use appear in, you guessed it, the Have I Been Pwned breach database. This is slightly different (and more useful) than just checking if your email address was involved in a hack.

You can also quickly see if any of the services you are using were themselves involved in a data breach, which is a good incentive to change your password, even if you were not directly affected by the attack.
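How a password itself can be checked against a breach database without being sent anywhere, shown as an added example (not code from this article or from 1Password): the hash-prefix range lookup that Have I Been Pwned's Pwned Passwords service supports. The corpus, its counts and the offline stand-in for the server are constructed so the example runs without a network.

```python
import hashlib

# Constructed breach corpus standing in for the remote database:
# password -> times seen in breaches (counts are made up).
CONSTRUCTED_CORPUS = {"password": 1000, "letmein": 50, "hunter2": 7}

def sha1_upper(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def constructed_range_service(prefix: str, seen: list) -> str:
    """Offline stand-in for the server. It receives only a 5-char prefix."""
    seen.append(prefix)  # record everything the 'server' learns
    lines = []
    for pw, count in CONSTRUCTED_CORPUS.items():
        digest = sha1_upper(pw)
        if digest.startswith(prefix):
            lines.append(f"{digest[5:]}:{count}")  # suffix:count
    # Padding entry with count 0, as a padded response would contain.
    lines.append("0" * 35 + ":0")
    return "\r\n".join(lines)

def parse_range(body: str) -> dict:
    """Parse 'SUFFIX:COUNT' lines, ignoring malformed and padding rows."""
    results = {}
    for line in body.splitlines():
        suffix, _, count = line.strip().partition(":")
        if len(suffix) == 35 and count.isdigit() and int(count) > 0:
            results[suffix.upper()] = int(count)
    return results

def breach_count(password: str, fetch_range) -> int:
    """Return how often the password appears; 0 means not found."""
    digest = sha1_upper(password)
    prefix, suffix = digest[:5], digest[5:]
    # Only the prefix leaves this machine; the suffix is matched locally.
    return parse_range(fetch_range(prefix)).get(suffix, 0)

def demo():
    seen = []
    fetch = lambda prefix: constructed_range_service(prefix, seen)
    candidates = ("password", "correct horse battery staple")
    counts = {pw: breach_count(pw, fetch) for pw in candidates}
    return counts, seen

if __name__ == "__main__":
    print(demo())
```

The service only ever sees five hex characters of the hash, which many unrelated passwords share, so it cannot tell which password was being checked.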

Hasso Plattner Institute Identity Verification Program

Like similar tools, this one from the Hasso Plattner Institute in Germany only requires you to enter your email address. If this email is associated with any data breach, you will receive a report by email to inform you of this.

This tool is not an active monitoring solution, but it is useful to see where your account data was previously compromised. Since it only takes a second to start up, it shouldn’t be a big burden when trying to get a comprehensive picture of the account passwords that you might need to change.

Credit Karma

You probably know Credit Karma for its financial services like free credit ratings and credit monitoring. However, it also has a free identity monitoring service that will alert you when your email address appears as a result of a data breach. When this happens, you will want to change the associated password as usual.
