With so many passwords, couldn’t it be helpful if you somehow knew which of the online services you use were hacked so that you can change your credentials for those?
Even more simpler, couldn’t it be convenient if all your passwords could be checked in one go with the help of a password manager?
A new service has been launched, which lets you check whether your password has been hacked or not. Pwned Passwords can let you check whether your password has been leaked in a recent data breach or not. Announced by security researcher Troy Hunt, the service combs through its database of half a billion compromised passwords to check if yours is out there and unsecured.
How it Works
Pwned Passwords has also partnered with AgileBits, the maker of popular password manager app 1Password. This means that all your passwords stored in 1Password can be checked against its database of compromised logins.
In a blog post by AgileBits announcing this partnership, the company explained how the tool works. What it does is that it doesn’t use your whole password to look for a match. It instead makes a cryptographic hash function SHA-1 out of the first five characters of your password and uses that to search its database.
This is more secure than using the whole password to search, said AgileBits. For more details, you can read Troy’s blog post about Pwned Passwords.
Another thing worth mentioning here is that if your password is found in the database, it doesn’t mean that your account(s) are hacked. Someone else could be using the same password as you.
In any case, if your password gets a match on Pwned Passwords, you should change it ASAP.
To start using this tool and identify your hacked passwords, check out this link here. Developers can also integrate this tool on their websites or apps using an API.
Yahoo and Equifax Hacks
Last year in October, Yahoo announced that all of its 3 billion accounts were hacked back in 2013. Similarly, Equifax (credit monitoring agency in the US) was also hacked, saying that hackers took off with Social Security numbers, credit card numbers, names, and addresses of 143 million US citizens.
ALSO READ
uTorrent Security Flaw Gives Hackers Access to Your PC
Amidst these hacking incidents, it’s important to regularly change your password. Also, we should get into the practice of using a long string of characters as well as a mix of upper and lowercase letters.
Remember to search using your old password on Pwned Passwords, or other similar tools, as its never a good idea to share your current password with 3rd parties.
Via CNet
You can use the API for checking your current password as well. The API works by first taking the SHA-1 of your entered password, take the first 5 bytes of the generated hash, then search and download all the SHA-1 hashes stored in the pwned passwords DB which matches the 5 bytes of your entered password hash. Then the exact search of the whole SHA-1 hash with the bucket (list of all the SHA-1 hashes having first 5 bytes matched) is performed offline. So it is completely safe to check your current password with the service as well.