With hackers harvesting millions of login details every single year, the likelihood that one of your accounts has been compromised is increasing exponentially.
To help you regain some peace of mind, and indeed control over your life on the internet, a tool has been created.
Troy Hunt, an Australian security researcher, has created a safe online tool that lets you find out if your password has already been hacked.
It’s called ‘Have I been pwned?’ and it lets you check your password against Hunt’s database of over 320 million passwords that have been stolen by hackers through various data breaches.
How it works is really simple. You just put in the password that you’re currently using and the system will anonymously check it against the database of known passwords and let you know whether it has been compromised.
If it has, you’ll get a message advising you to change your password immediately and never use it again.
Writing in a blog post explaining why he set up the service, Hunt asks companies to use it as an opportunity to educate their users.
“Use this data to do good things,” he says. “Take it as an opportunity to not just reduce the risk to the service you’re involved in running, but also to help make people aware of the broader risks they face due to their password management practices.”
“When someone gets a ‘hit’ on a Pwned Password, help them understand the broader risk profile and what this means to their personal security.”
You can check if your password has been used before on the ‘Have I been pwned?’ site.
So what do you do if you have been hacked?
Well, there are two immediate things that need to happen. The first is to make sure none of your other accounts use that password, and to create a new one.
While conventional advice has always been to make passwords needlessly complicated, the security expert who first promoted this recently did a U-turn.
Instead, the new advice is that passwords should be a collection of random phrases that only a human could come up with. A perfect example would be “leekeatingrabbitstorm”. It makes zero sense and would take a computer millions and millions of guesses to get right.
The next thing you need to do, if your account supports it, is set up two-factor authentication. This effectively means that if someone does guess your password, they’ll still need to enter a special code delivered to your smartphone.
Finally, and this is only if you’re looking to be really secure, it might be worth investing in a password manager like 1Password, LastPass or Keeper Security. These apps are incredibly easy to use and can create very complex passwords that can be copied and pasted from the app.