Have I Been Pwned?

| Posted on |

Knowing of a breach is the first step in resolving it

Worried about the security of your accounts? A quick and easy way to check if your account details have been compromised and leaked online is to check through the website Have I Been Pwned. While it might seem strangely named, due to the use of gaming slang, it is a genuinely useful security tool.

Simply enter an email address, and it will compare the address to it’s list of known data breaches and will notify you if your email address shows up in any of it’s recorded incidents. If it does, that’s a sure sign you need to change your password.

Since an attacker doesn’t want you to know that they’re accessing an account that doesn’t belong to them, searching for known breaches is useful as it may be the first sign of an attack.

The website is regularly updated with new details of data breaches, so it’s useful to check regularly.

Password Managers

Users are warned to not use the same password between multiple accounts because if one password is leaked, it would otherwise give access to all your other accounts. This is especially a risk as different sites may have varying levels of account security, meaning that a stolen password from a smaller and less secure website could give an attacker a way into more secure websites.

While it’s not a universal feature, some password managers also include their own tracking of data breaches, alerting users of passwords that need to be changed.

Two Factor Authentication

Fortunately, websites that use Two Factor Authentication provide additional security in the event of a leaked password, as the password alone will not be enough to get into the account.

This also has the benefit of alerting the user to an attack. If you start getting 2FA requests that you didn’t trigger, that’s a sign you need to change your password. If someone calls you up and asks for your 2FA codes, that’s someone trying to scam their way into your accounts, and you should not give them the codes they ask for.

Password Changes

Concerns about leaked passwords are also a driving factor in password changing policies, often implemented by companies for user accounts. These ensure that even if a password is compromised, there’s only a small window of opportunity before the password becomes useless.

Conclusion

Have I Been Pwned is a useful service for keeping track of passwords stolen in data breaches, which might otherwise not be noticed due to attackers wanting to stay hidden. If you have any questions about the website or keeping your passwords secure, just get in touch.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.