قالب وردپرس درنا توس
Home / Tips and Tricks / How to tell if your password has been stolen

How to tell if your password has been stolen

Coming up with a strong, unique password and storing it in a password manager or browser isn’t good enough. You need to know if and when your password was stolen in a password breach so that you can act quickly enough to change that password before your personal information is potentially compromised. Here’s how.

It has been some time since the massive debt collection breaches in 2019 literally leaked billions of email addresses and passwords to the web, compromising the security of those accounts. The problem that users faced at the time was a limited number of ways to see if they were actually at risk. Now there are many password monitoring services that will reveal if your password has been stolen. Many are designed so that you can quickly take action and change it.

More stories

The best password managers

Why your browser̵

7;s password manager is not good enough

5 Alarming Facts in Honor of World Password Day

Basic services to uncover email breaches

Two reputable services to verify this information existed at the time of the debt collection infringement and still do: HaveIBeenPwned, and a service operated by the Hass-Platner-Institut in Potsdam, Berlin. Both will ask you to enter your email address (not your password!), And both will then compare your email address against a database of known breaches.

Both services have their appeal. HaveIBeenPwned’s reputation attracts those who want to publish their attacks, so the reporting of breaches on the site seems comprehensive. The site lists the breaches where an email address has been overtaken, along with any resulting information, such as your gender or what your phone number is, for example. The site organizes the breaches by the attacked service, not the date. Why is this important? Because if your email was exposed to a breach in 2016, for example, chances are your password has since been changed. But if your email address and password were disclosed last month, you’ll want to change them right away.

haveibeenpwned detail HaveIBeenPwned.com

HaveIBeenPwned provides a large amount of information related to breaches, but it could be better organized.

HaveIBeenPwned also publishes the infringement information for each email address, which is useful for checking friends and family, although it is not the most privacy conscious.

HPI’s service takes a different approach. It lists the breaches by date, along with a matrix of what information was exposed. When you enter an email address on the site, a security report will be sent to that particular email, along with a color-coded chart of what data is at risk and what breach.

hpi identity leak check Hass-Platner-Institut Hass Platner Institute

HPI will send you a matrix of the information released in conjunction with your email, sorted by most recent.

Browsers add free password monitoring

Both of the above services will only reveal whether a specific email address was part of a breach, but not if a non-email username – for example, ‘billg’ – has been exposed. Here you want a trusted service that knows you, as well as the passwords you have chosen. Don’t look for random sites to ‘check’ your passwords – you’ll want to stick to a few familiar names. (Also keep in mind that password monitoring is a paid service for most password managers, but not for password managers in a web browser.)

Google password check

In 2019, Google added a free browser plug-in for Chrome that warned you once you were logged into a compromised site, if your email address or password was compromised. In October 2019, Google began automatically checking passwords for breaches, and starting in Chrome 79, it began monitoring your online usage to avoid getting ‘phishing’ or being tricked into disclosing your password under false pretenses.

Source link