This Website Knows if Your Passwords Have Been Stolen

Shelby Rogers

Few things are more frustrating than being locked out of an Internet account you desperately need. Maybe it's an email account, online banking, or even access to the Cloud. Each holds a lot of information. Common (Internet) sense recommends using a unique password for literally everything you do online. Passwords aren't supposed to be easily guessable. They shouldn't include your name. Often, websites make users include a mix of upper-case letters, numbers, and random symbols for added safety.

With so many passwords, it's easy to cut corners and reuse the same password on different accounts. When one account gets hacked, however, all data linked to that password becomes completely open. Cybercrime and cyber security concerns have only grown in recent years. In 2016 alone, a report from Risk Based Security found that 4.2 billion records were breached online.

One website looks to bring peace of mind to those who have been (or fear they will be) victims of an online hack. Have I Been Pwned? lets people check their email addresses and usernames against some of the biggest data breaches in recent years. This includes companies like Apple, Dropbox, Amazon, MySpace, and LinkedIn.

Have I Been Pwned? creator Troy Hunt made a new tool specifically for passwords. Pwned Passwords lets users search a password against those exposed in similar hacks.

[Image Source: Troy Hunt / Pwned Passwords]

Currently, the website sifts through 320 million leaked passwords. That sounds like a small number against 4.2 billion breached records, but it's an excellent start.

The website might sound too good to be true, and Hunt knows that. He addressed it in a recent blog post debuting Pwned Passwords.

"Before I go any further, I've always been pretty clear about not redistributing data from breaches and this doesn't change that one little bit," he said. "I'll get into the nuances of that shortly but I wanted to make it crystal clear up front: I'm providing this data in a way that will not disadvantage those who used the passwords I'm providing. As such, they're not in clear text and whilst I appreciate that will mean some use cases aren't feasible, protecting the individuals still using these passwords is the first priority."

[Image Source: Troy Hunt / Pwned Passwords]

To aggregate the data, Hunt snagged password lists from the Anti Public data dump and the Exploit.in list. He even made sure the lists kept multiple versions of the same password. For example, both "[email protected]" and "[email protected]" could wind up on the list but have different results.

Hunt also begs users never to input a password they currently use into the website. He said that despite his best efforts to maintain the highest security, it's better to never share personal data with a third-party service.

"It goes without saying (although I say it anyway on that page), but don't enter a password you currently use into any third-party service like this! I don't explicitly log them and I'm a trustworthy guy but yeah, don't," Hunt wrote. "The point of the web-based service is so that people who have been guilty of using sloppy passwords have a means of independent verification that it's not one they should be using anymore. Mind you, someone could actually have an exceptionally good password but if the website stored it in plain text then leaked it, that password has still been 'burned'."
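One way to follow that advice is to check a password on your own machine so it never reaches a third party. The sketch below is an added example, not code from Hunt or from Have I Been Pwned: it assumes a locally downloaded list stored as sorted, uppercase hex SHA-1 digests, one per line (the article only says the passwords are not in clear text), and the function names and sample passwords are constructed for illustration.

```python
import hashlib
import os
import tempfile

RECORD_LEN = 41  # assumed layout: 40 hex characters of SHA-1 plus "\n"


def sha1_hex(password: str) -> str:
    """Uppercase hex SHA-1 of the exact password bytes; case is not normalised."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def is_listed(password: str, path: str) -> bool:
    """Binary-search a sorted, fixed-width digest file without loading it."""
    target = sha1_hex(password).encode("ascii")
    size = os.path.getsize(path)
    if size % RECORD_LEN:
        raise ValueError("file is not a whole number of 41-byte records")
    lo, hi = 0, size // RECORD_LEN
    with open(path, "rb") as fh:
        while lo < hi:
            mid = (lo + hi) // 2
            fh.seek(mid * RECORD_LEN)
            record = fh.read(40)
            if record == target:
                return True
            if record < target:
                lo = mid + 1
            else:
                hi = mid
    return False


def build_sample_list(passwords) -> str:
    """Write a constructed stand-in for the downloaded list; return its path."""
    digests = sorted(sha1_hex(p) for p in passwords)
    fd, path = tempfile.mkstemp(suffix=".txt")
    with os.fdopen(fd, "wb") as fh:
        for digest in digests:
            fh.write(digest.encode("ascii") + b"\n")
    return path


if __name__ == "__main__":
    # Constructed sample data, not real breach content.
    sample = build_sample_list(["hunter2", "Summer2017", "letmein", "qwerty123"])
    for candidate in ["Summer2017", "summer2017", "correct horse battery staple"]:
        print(candidate, "->", "listed" if is_listed(candidate, sample) else "not listed")
    os.remove(sample)
```

Because the digest is computed over the exact characters typed, case variants of one password are separate entries, which is why two versions of the same password can give different results.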

Hunt said the ultimate goal for the service is to show that everyone should care about cyber security.

"If there's one thing I've learned over the years of running this service, it's that nothing hits home like seeing your own data pwned," he said.

To learn more about Hunt's creation of the website or to get the finer details on how it works, check out Hunt's blog here.

Sources: TroyHunt, RiskBasedSecurity
