Hacked or not? How to check if your password has been shared online

  • TECH
  • Sunday, 20 Jan 2019

Passwords that contain random combinations of upper and lower case letters, numbers and special characters are much harder for hackers to crack. — dpa

Following one of the biggest data breaches in history, anyone with an email account should immediately do this quick check to see if their password is among the 700 million that have been hacked and shared online.

Some websites only do one thing, and www.haveibeenpwned.com is one of them, but what it does, it does superbly. Australian IT security expert Troy Hunt collects stolen user data that has surfaced on the internet in a database.

The data comes from hacks or gaping vulnerabilities in the databases of online services. By entering your e-mail address or user name, you can find out whether your own data and passwords may have been stolen by hackers and offered for sale.

In addition to the search function, the website also gives you the option of setting an alarm. If your own e-mail address or a specified user name appears in any data collection, you will receive a warning.

This could help prevent further damage by allowing you to change passwords in time. The use of the English-language service is free of charge.

Another place to check if your account has been breached is the Hasso-Plattner Institute's data checker. You'll promptly get an email outlining where, if anywhere, your password and any other personal data has surfaced on the web.

When it comes to picking a good password, most platform's will tell you if you're choosing something that can be hacked. But it's generally good to follow two basic rules.

First, when it comes to the security of passwords. First, the longer and more varied the password, the safer it is. "The number of attempts needed to crack a password increases by a factor of 95 with every additional upper case letter, lower case letter, special character and number," says Professor Christoph Meinel, director of the Hasso Plattner Institute at the University of Potsdam in Germany.

A five-character password takes about seven billion attempts to crack. However, with the recommended minimum length of eight characters, it's more than six quadrillion attempts – assuming the password isn't in any dictionary.

That's because a dictionary, if it's in electronic form, can be easily and quickly searched through.

Ideally, says Meinel, a password should include special characters and meaningless combinations of upper case letters, lower case letters and numbers.

The second rule is that the same password should not be used for more than one account. Every online service should have its own individual password – otherwise, attackers who acquire a password will immediately have access to all of your accounts and services.

"Only one third of providers use a secure method of obfuscation for password storage," Meinel says. The rest are stored using an outdated algorithm or in plain text, so are freely available on the Internet after an attack – without the affected parties knowing about it. – dpa

Subscribe now to our Premium Plan for an ad-free and unlimited reading experience!

Next In Tech News

Hit soccer video game adds mixed-gender teams, sheds Fifa name
Ex-Apple designer Ive, OpenAI's Altman discuss AI hardware -The Information
Generative AI Is replacing remote work�in the future of work debate
Tesla working on 'gigacasting' tech to mould underbody in one piece -report
What has happened to hundreds of Elon Musk's satellites?
Musk's X disabled feature for reporting electoral misinformation - researcher
Apple exec defends tech giant’s decision to make Google default search engine on iPhones, Macs
Candy Crush Saga hits $20 billion revenue milestone, maker King says
Amazon has deep bench of defense lawyers to fight US FTC lawsuit
Hollywood studios can train AI models on writers' work under tentative deal - WSJ

Others Also Read