passwords

Have you been pwned?

If you’ve ever wondered how exposed you are to hacking or how vulnerable your online presence might be, now you can find out in a matter of seconds.  

Here’s what you do: go to the site haveibeenpwned.com and input your email address. Hit enter. Moments later you’ll get either an all-clear saying “Good news – no pwnage found!” or an “Oh no – pwned!” message letting you know how many breached sites that email address has appeared on.  

More spam, more attacks

“Pwn” is an old gaming slang term derived from the verb “own.” According to the Wikipedia page, “pwn” “implies domination or humiliation of a rival, primarily in the internet-based video game culture to taunt an opponent who has just been soundly defeated (e.g., ‘You just got pwned!’).” 

Troy Hunt, a respected security researcher, created the website, which lets you check whether your email and/or passwords have been compromised, and which sites your information was leaked from.   

If you have appeared in any breaches, you will inevitably be getting more spam, and even targeted criminal attacks against you. It’s a good idea to check your work email and personal email against this cool tool to see how exposed you are.  

Hunt’s password service also allows you to securely check whether your passwords are in one of these data breaches. He has compiled a data set of 551 million passwords, and if you use passwords that appear here, you should change them immediately! 

How can you secure yourself?

The site suggests three steps to better security.  

1) Protect yourself using 1Password (or another reputable password manager such as LastPass) to create and save strong passwords for each site you use. Don’t use built-in browser password storage; Google Chrome, for example, will often ask, “Do you wish to remember the password for the site?” But it’s better to use a third-party password manager. It’s more secure and more convenient.  

2) Enable two-factor authentication

3) Subscribe to notifications for any other breaches on haveibeenpwned. This will keep you in the loop and informed on the status of your accounts and passwords. 

Remember: while this site is not a catch-all fix to any vulnerabilities in your online identity, it is a useful tool that can go a long way in boosting your overall security.