Yusuf On Security: Security news, opinion and advice

How to check if your password ended up in the wrong hands

Have I Been Pwned is a service where, by typing in your email address, you can check whether that address has appeared in a leaked or compromised database.

The UK and the Australian governments are now using the service to keep an eye on their own domains.

After you enter your email address, the service checks it against a database containing half a billion addresses and, if the address is found, returns the details shown below.

If you have been using services such as Dropbox, LinkedIn, Yahoo or Tumblr, chances are your password may have leaked, or you have been pwned. That is why you should use a unique password per site. In fact, a password alone is no longer a good strategy to remain secure today. You need to enable two-step verification. Two-step verification, or two-factor verification, lets you use your password together with another unique secret which changes every time. That way, even if your password is discovered, the second secret won't be, as it is not constant.

Troy Hunt is the security researcher behind this service.

Author
Yusuf