If you are technologically challenged, as many of us are, there is a website called Have I Been Pwned? at your service. The site, by Australian web security expert Troy Hunt, a Microsoft employee, lets users check whether their email accounts or addresses have been compromised in a data breach. The creator of the data breach search service also helps people choose stronger passwords: in his blog he has released over 320 million previously pwned passwords that leaked online, to help individuals and companies secure their online networks. A person can check whether their account has been pwned on haveibeenpwned.com, as well as settle on a unique, well-protected password.
Security researcher Troy Hunt, who has spoken extensively about password protection, has developed a tool that lets a user check a password against the list of pwned passwords from breaches before keeping it for a new sign-in. This means the person can choose a more secure password instead of going ahead with a vulnerable, weak one. He has made 306 million pwned passwords freely downloadable; they are blacklisted and should always be used as a reference for what not to use as a password.
“My hope is that an easily accessible online service like this also partially addresses the age-old request I’ve had to provide email address and password pairs,” says Hunt in a blog post. “If the password alone comes back with a hit on this service, that’s a very good reason to no longer use it regardless of whose account it originally appeared against.”
The haveibeenpwned.com website gives a lowdown on the risk and impact of using a password that has been exposed in a breach. It reads, “Pwned Passwords are hundreds of millions of real world passwords exposed in data breaches. This exposure makes them unsuitable for ongoing use as they’re at much greater risk of being used to take over other accounts. They’re searchable online below as well as being downloadable for use in another online system. Do not send any password you actively use to a third-party service – even this one!”
The tool to check a password is available online, but Troy Hunt advises against entering a password that is currently in use, for obvious security reasons. The sole aim of the website and its creator is to help companies build stronger online security for the moment a user signs in on their site with personal information. Come to think of it, choosing a password (a combination of letters, numbers, special characters and some form of sacrifice) is going to be a tough task given that 306 million options are off limits.
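The sign-up check described above can run entirely against the downloaded list, so no password is sent to a third party. The following is an added example, not code from haveibeenpwned.com or Troy Hunt; it assumes the list is a sorted text file of uppercase SHA-1 hex digests, one per line, and all function names are hypothetical.

```python
import hashlib
import io

# Assumption: each record is 40 hex characters of SHA-1 plus "\n".
# Pass record_len=42 if the downloaded file uses "\r\n" line endings.
RECORD_LEN = 41


def sha1_hex(password: str) -> bytes:
    """Uppercase SHA-1 hex digest of the password, as ASCII bytes."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper().encode("ascii")


def is_pwned(password: str, hash_file, record_len: int = RECORD_LEN) -> bool:
    """Binary-search a sorted, fixed-width hash file opened in binary mode."""
    target = sha1_hex(password)
    hash_file.seek(0, io.SEEK_END)
    size = hash_file.tell()
    if size % record_len:
        raise ValueError("file is not a whole number of fixed-width records")
    lo, hi = 0, size // record_len
    while lo < hi:
        mid = (lo + hi) // 2
        hash_file.seek(mid * record_len)
        record = hash_file.read(40)
        if record == target:
            return True
        if record < target:
            lo = mid + 1
        else:
            hi = mid
    return False


def check_new_password(password: str, hash_file):
    """Sign-up gate: reject any password found in the list."""
    if is_pwned(password, hash_file):
        return False, "password appears in a known breach list"
    return True, "ok"


def build_sample_list(passwords) -> io.BytesIO:
    """Constructed stand-in for the downloaded list (sorted digests)."""
    digests = sorted(sha1_hex(p) for p in passwords)
    return io.BytesIO(b"".join(d + b"\n" for d in digests))


# Constructed sample data, not taken from the real list.
SAMPLE = build_sample_list(["123456", "password", "qwerty", "letmein", "P@ssw0rd"])
```

With the real download, open the file in binary mode and pass the file object in place of `SAMPLE`; the lookup then reads only a few dozen records per check instead of loading the whole list.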