Nagpur: Passwords suck. They’re hard to remember, we all have about a million of them, and they’re not supposed to be anything easy or memorable like your cat’s name.
Worst of all, when massive data breaches happen to the companies we actually trust with our online credentials, our usernames and passwords can become totally exposed – but luckily, there’s now a simple way to find out if you’ve been compromised like this.
Troy Hunt is an Australian security researcher and the man behind Have I Been Pwned (HIBP), a website that lets people check if their email addresses and usernames have been involved in some of the biggest data breaches ever – involving companies like Myspace, LinkedIn, Adobe, Dropbox (and sadly hundreds more).
Now, Hunt has approached the same problem from the opposite perspective, building a new tool called Pwned Passwords that does the same kind of thing, but this time it lets you enter just your passwords to see if they’ve been leaked in any of the aforementioned hacks.
As Hunt explains on his blog:
“It goes without saying (although I say it anyway on that page), but don’t enter a password you currently use into any third-party service like this! I don’t explicitly log them and I’m a trustworthy guy but yeah, don’t.
The point of the web-based service is so that people who have been guilty of using sloppy passwords have a means of independent verification that it’s not one they should be using any more.”
What this means is that if you want to see if any of your current passwords have been exposed, you really ought to download the whole list and search through it from the privacy and security of your own device.
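One way to do that local search, as an added example that is not from Hunt or the Pwned Passwords site: hash the password on your own machine and binary-search the downloaded file by byte offset, so the multi-gigabyte list is never loaded into memory and the password is never sent anywhere. It assumes the list is a text file with one uppercase SHA-1 hex hash per line (optionally followed by `:count`), sorted by hash; the function names and the tiny sample list are constructed for illustration.

```python
import hashlib
import os
import tempfile

def sha1_hex(password: str) -> bytes:
    """Uppercase SHA-1 hex digest of the password (assumed list format)."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper().encode("ascii")

def hash_in_list(path: str, target: bytes) -> bool:
    """Binary-search a hash-sorted text file by byte offset, without loading it."""
    with open(path, "rb") as f:
        lo, hi = 0, os.path.getsize(path)   # a match, if any, starts in [lo, hi)
        while lo < hi:
            mid = (lo + hi) // 2
            if mid > 0:
                f.seek(mid - 1)
                f.readline()                # skip to the first line starting at >= mid
            else:
                f.seek(0)
            if f.tell() >= hi:              # no line starts in [mid, hi)
                hi = mid
                continue
            key = f.readline().split(b":")[0].strip().upper()  # tolerate "HASH:COUNT"
            if key == target:
                return True
            if key < target:
                lo = f.tell()               # match can only be after this line
            else:
                hi = mid                    # match can only be before mid
    return False

def is_pwned(password: str, path: str) -> bool:
    """Hash locally and look up locally; the password never leaves this machine."""
    return hash_in_list(path, sha1_hex(password))

def build_sample_list() -> str:
    """Write a tiny CONSTRUCTED stand-in for the downloaded list and return its path."""
    sample = ["password", "123456", "qwerty", "letmein", "iloveyou"]
    lines = sorted(sha1_hex(p) for p in sample)
    fd, path = tempfile.mkstemp(suffix=".txt")
    with os.fdopen(fd, "wb") as f:
        f.write(b"\r\n".join(lines) + b"\r\n")
    return path

if __name__ == "__main__":
    path = build_sample_list()
    for candidate in ["qwerty", "correct horse battery staple"]:
        print(candidate, "->", "found" if is_pwned(candidate, path) else "not found")
    os.remove(path)
```

If the downloaded file turns out not to be sorted by hash, sort it once first or fall back to a line-by-line scan; the binary search is only correct on sorted input.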
There are a staggering 320 million leaked passwords stored in this database, and if you’re wondering whether it’s maybe irresponsible to collect them all in one place like this, there are a couple of things to bear in mind.
One, none of the passwords here are stored alongside the email addresses or usernames that they pair with, so if any people are still using these long-exposed passwords, their anonymised listing here shouldn’t make things any easier for hackers.
Two, Hunt’s whole point with Pwned Passwords is to draw attention to the issue of just how many of our passwords have been outed by hackers up until now – by letting people check if one of their passwords is out there on the big bad internet.