As a normal Internet user you don’t frequently hear about data breaches or emails and passwords being leaked to the public. But trust me it is more frequent than you think.
I will show you how to check if your EMAIL AND PASSWORD have been leaked before online
A “breach” is an incident where data has been unintentionally exposed to the public.
This is a small sample how frequent breaches are:
If these numbers didn’t scare you, just wait for what it’s coming
source: CNBC
After a major data breach, do criminals actually have your password even if it has been encrypted?
tldr: It depends but must always assume the worst.
Companies have various ways of encrypting passwords. There are also techniques called salting and hashing.
The upshot is, the average user will not take the time to find out how the affected company does their encrypting — or hashing or salting for that matter. So the average user doesn’t know how vulnerable their password is.
HAVE YOU BEEN PWNED ?
There is a website that allows Internet users to check whether their personal data has been compromised by data breaches.
IT’S THE FAMOUS haveibeenpwned.
CHECK YOUR EMAIL:
1-Navigate to haveibeenpwned
2-Enter the email you want to check
As you can see this dummy email has been found in 283 data breaches and 611 pastes
A “paste” is information that has been “pasted” to a publicly facing website designed to share content such as Pastebin. These services are favoured by hackers due to the ease of anonymously sharing information and they’re frequently the first place a breach appears.
If you are curious what’s your email have to do with this and you think you are safe because only your email has been leaked, I would like to show you how usually the data breaches look like:
So if your email has been leaked before there is a big chance the password associated with it has been leaked too and since most of internet users use the same password for all their accounts online, it becomes an easy job for hackers to get access to your accounts.
PLEASE IF YOU ARE USING THE SAME PASSWORD ACCROSS MULTIPLE ACCOUNTS CHANGE IT NOW.
CHECK YOUR PASSWORD:
1-Navigate to haveIbeenpwned/password.
2-Enter the password you would like to check.
As much as I don’t want to encourage people to plug their real password(s) into random third-party sites, I can guarantee that a sizable number of people got a positive hit and then changed their security hygiene as a result.
The Password I tried is “password”
As you can see this is a very famous password used accross the world and it has been found 3,861,493 times before, CAN YOU IMAGINE ?
This service checks your password against more than Half a BILLION real world password previously exposed in data breaches.
You can have fun with it for a bit and try some combinations.You can also use it to decide wether your new passwords are “safe”.
WHAT IF I DON’T FIND MY PASSWORD?
Well that’s great news, BUT this means your password wasn’t found in any of the Pwned Passwords loaded into Have I Been Pwned. That doesn’t necessarily mean it’s a good password, merely that it’s not indexed on this site.
BUT again you are testing the password against half a billion passwords, that should give you some sense of safety.
PLEASE IF YOUR PASSWORD HAVE BEEN LEAKED BEFORE CHANGE IT ASAP AND NEVER USE THE SAME PASSWORD ACCROSS MULIPLE ACCOUNTS
FOR DEVELOPERS:
If you are a developer or someone who’s familliar with coding like me you might be skeptical about entering your password in a third-party website.
Don’t worry haveibeenpwnd got you!
They provide an API that you can fetch and get the results in a more secure fashion without sending your password
If you’re a JavaScript developer you can find the NPM PACKAGE I made to check a user’s password using haveibeenpwned API
I am open to contributation and bug fixes
- NPM PACKAGE: password-pwnd
- Github Repo: password-pwnd
If you’re a PYTHON developer you can find the program I made to check a user’s password using haveibeenpwned API
- Github Repo: password-checked
I go over the details of both scripts in this article!
AND MAKE SURE YOUR PASSWORDS ARE SAFE ,STRONG AND NEVER USE ONE IN MULTIPLE ACCOUNTS
Connect with me on Linkedin for more interesting tech stuff!
Thank you very much for your attention.
