Hacked or not? How to check if your password has been shared online

  • TECH
  • Sunday, 20 Jan 2019

Passwords that contain random combinations of upper and lower case letters, numbers and special characters are much harder for hackers to crack. — dpa

Following one of the biggest data breaches in history, anyone with an email account should immediately do this quick check to see if their password is among the 700 million that have been hacked and shared online.

Some websites only do one thing, and www.haveibeenpwned.com is one of them, but what it does, it does superbly. Australian IT security expert Troy Hunt collects stolen user data that has surfaced on the internet in a database.

The data comes from hacks or gaping vulnerabilities in the databases of online services. By entering your e-mail address or user name, you can find out whether your own data and passwords may have been stolen by hackers and offered for sale.

In addition to the search function, the website also gives you the option of setting an alarm. If your own e-mail address or a specified user name appears in any data collection, you will receive a warning.

This could help prevent further damage by allowing you to change passwords in time. The use of the English-language service is free of charge.

Another place to check if your account has been breached is the Hasso-Plattner Institute's data checker. You'll promptly get an email outlining where, if anywhere, your password and any other personal data has surfaced on the web.

When it comes to picking a good password, most platform's will tell you if you're choosing something that can be hacked. But it's generally good to follow two basic rules.

First, when it comes to the security of passwords. First, the longer and more varied the password, the safer it is. "The number of attempts needed to crack a password increases by a factor of 95 with every additional upper case letter, lower case letter, special character and number," says Professor Christoph Meinel, director of the Hasso Plattner Institute at the University of Potsdam in Germany.

A five-character password takes about seven billion attempts to crack. However, with the recommended minimum length of eight characters, it's more than six quadrillion attempts – assuming the password isn't in any dictionary.

That's because a dictionary, if it's in electronic form, can be easily and quickly searched through.

Ideally, says Meinel, a password should include special characters and meaningless combinations of upper case letters, lower case letters and numbers.

The second rule is that the same password should not be used for more than one account. Every online service should have its own individual password – otherwise, attackers who acquire a password will immediately have access to all of your accounts and services.

"Only one third of providers use a secure method of obfuscation for password storage," Meinel says. The rest are stored using an outdated algorithm or in plain text, so are freely available on the Internet after an attack – without the affected parties knowing about it. – dpa

Subscribe now for a chance to win your dream holiday!

Monthly Plan


Annual Plan


Billed as RM148.00/year

1 month

Free Trial

For new subscribers only

Cancel anytime. No ads. Auto-renewal. Unlimited access to the web and app. Personalised features. Members rewards.
Follow us on our official WhatsApp channel for breaking news alerts and key updates!

Next In Tech News

Alphabet falls as expenses overshadow quarterly results beat
CrowdStrike says bug in quality control process led to botched update
Fortune 500 firms to see $5.4 billion in CrowdStrike losses, says insurer Parametrix
Lilium to begin studying US air-taxi assembly sites this year
Two men charged in massive ‘grandparent’ scam extradited to the US
Spain's antitrust watchdog opens investigation into Apple's app store
Bank Muamalat debit and credit cards now supported on Samsung Wallet
Alibaba bets on Taobao, Tmall clothing merchants to compete overseas against Shein, Temu
Malaysia seeking social media platforms’ commitment to tackle cybercrimes
Teen caused train derailment so he could post a video of it online, US officials say

Others Also Read