How To Tell If You’ve Been The Victim Of A Data Breach

This is the seventh entry in a series of cybersecurity-themed articles; stay tuned for more if you’re enjoying this content!

Every time I read an article about how another extremely popular online service suffered from a breach, the first thought that pops into my mind is, “does this involve MY data?” Sometimes, companies will send out emails or actual postal letters notifying customers/users of a potential breach of their data, but this notification process is often a protracted affair, assuming you, the individual, are notified at all.

If you want to know if your email address has been included in any public data breach, you’ll want to head on over to the Have I Been Pwned website to check. The premise is simple; Troy Hunt, the owner of Have I Been Pwned, maintains a database of email addresses and passwords which were discovered in various data leaks. Before you ask, the passwords are not stored in any way that links them to the email addresses they were originally used with.

Once you’ve entered your email address on that site, you’ll either find good news, that your email hasn’t been involved in any data breaches, or you’ll be like me and find that you’ve been a victim of NUMEROUS breaches.

In the infamous words of the venerable Billy Mays, “But wait, there’s more!” You can also directly check to see if your favorite password has been exposed in a data breach as well. In saying this, I have to also say that it’s a good idea to not enter your password on any sites that don’t absolutely require it. If you’ve got a friend or coworker who uses the same password for everything, entering their password into this tool might help open their eyes once they realize that their favorite password, hunter2, is probably just as insecure as password.

This is also probably a good time to talk about password managers. A password manager is a tool which uses a single password to control access to a vault of other passwords. The idea behind this is that a user only has to remember a single password, which they will only have to enter into a browser plugin in order to gain access to their vault of stored passwords. Also, when you need to change your password, just ask your password manager to create one at random, and you don’t even have to care what it was changed to, because your password manager knows so you don’t have to. I’m a huge fan of LastPass, but there are many password managers out there which have similar functionality, both free and paid, that are substantially better than having multiple services sharing the same password.

Stay safe out there!
