Following one of the biggest data breaches in history, anyone with an email account should immediately do this quick check to see if their password is among the 700 million that have been hacked and shared online.
Some websites only do one thing, and www.haveibeenpwned.com is one of them, but what it does, it does superbly. Australian IT security expert Troy Hunt collects stolen user data that has surfaced on the internet and stores it in a database.
The data comes from hacks or gaping vulnerabilities in the databases of online services. By entering your e-mail address or user name, you can find out whether your own data and passwords may have been stolen by hackers and offered for sale.
In addition to the search function, the website also gives you the option of setting an alarm. If your own e-mail address or a specified user name appears in any data collection, you will receive a warning.
This could help prevent further damage by allowing you to change passwords in time. The use of the English-language service is free of charge.
Another place to check if your account has been breached is the Hasso Plattner Institute’s data checker. You’ll promptly get an email outlining where, if anywhere, your password and any other personal data have surfaced on the web.
When it comes to picking a good password, most platforms will tell you if you’re choosing something that can be hacked. But it’s generally good to follow two basic rules.
First, the longer and more varied the password, the safer it is. “The number of attempts needed to crack a password increases by a factor of 95 with every additional upper case letter, lower case letter, special character and number,” says Professor Christoph Meinel, director of the Hasso Plattner Institute at the University of Potsdam in Germany.
A five-character password takes about seven billion attempts to crack. However, with the recommended minimum length of eight characters, it’s more than six quadrillion attempts – assuming the password isn’t in any dictionary.
That’s because a dictionary, if it’s in electronic form, can be easily and quickly searched through.
Ideally, says Meinel, a password should include special characters and meaningless combinations of upper case letters, lower case letters and numbers.
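The attempt counts above follow from the 95 printable ASCII characters, and the dictionary caveat can be shown with the same arithmetic. The sketch below is an added example, not part of the original article; the function names are hypothetical and the wordlist is a constructed sample.

```python
import string

# The 95 printable ASCII characters: 52 letters, 10 digits,
# 32 punctuation marks and the space.
ALPHABET = string.ascii_letters + string.digits + string.punctuation + " "

# Constructed sample wordlist, most common first (illustrative only).
SAMPLE_WORDLIST = ["123456", "password", "qwerty123", "sunshine", "football"]


def brute_force_space(length, alphabet_size=len(ALPHABET)):
    """Number of candidate passwords of exactly `length` characters."""
    return alphabet_size ** length


def worst_case_guesses(password, wordlist=SAMPLE_WORDLIST):
    """Upper bound on attempts when the wordlist is tried first and an
    exhaustive search over the 95-character set is the fallback."""
    if any(ch not in ALPHABET for ch in password):
        raise ValueError("password uses characters outside the 95-character model")
    if password in wordlist:
        # A dictionary hit costs only its position in the list,
        # no matter how long the password is.
        return wordlist.index(password) + 1
    return len(wordlist) + brute_force_space(len(password))


if __name__ == "__main__":
    for n in (5, 8):
        print(f"{n} characters: {brute_force_space(n):,} candidates")
    for pw in ("password", "x9#Qe!2z"):
        print(f"{pw!r}: at most {worst_case_guesses(pw):,} attempts")
```

Both test passwords are eight characters long, yet the one that appears in the wordlist falls on the second attempt while the random one keeps the full 95^8 search space.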
The second rule is that the same password should not be used for more than one account. Every online service should have its own individual password – otherwise, attackers who acquire a password will immediately have access to all of your accounts and services.
“Only one third of providers use a secure method of obfuscation for password storage,” Meinel says. The rest store passwords using an outdated algorithm or in plain text, so the passwords are freely available on the Internet after an attack – without the affected parties knowing about it.