Every now and then, we get to hear about data breaches where a substantial amount of personal data including usernames, email addresses, and even passwords are compromised. The data is either leaked online or auctioned over the Dark Web. Many of us are a part of major data breaches. The irony is that we don’t have a shade of an idea of it and still continue to use those compromised passwords everywhere leading to an increased risk of getting compromised again. Although everyone wants to keep their data safe, privacy is a 21st-century myth.
If you happen to be trying to think a new username or a web platform password, it is worth your time to make sure that it’s not one of those hundreds of millions of passwords that have already been exposed in such breaches. This, however, will take a lot of time and is practically an impossible task.
Fortunately, an expert security researcher, Troy Hunt, has come to the rescue.
Troy has been carefully working for online data safety since long and has now created an easy-to-use service which could save you the worry of being hacked. While signing up for a new account on any website, you would like to have a fresh and unique password- but you never know if the same has already been hijacked earlier in some data breach. His website lets you check the same.
Troy, the guy behind Have I Been Pwned (HIBP), has released the data of over 306 million previously pwned passwords that have been possibly hijacked in major data breaches earlier in a bid to help not only individuals but also companies to ramp up their online security. While an individual can just enter his desired password and check if it has been hijacked earlier or not, the companies can download the hashed passwords as a single 5.3GB file and warn its users who are still using one of those passwords. You should definitely not be using the passwords anywhere mentioned in its database.
The concept of this service has been supported positively by the National Institute of Standards and Technology (NIST) and the UK’s National Cyber Security Centre, who clearly state that providers shouldn’t be allowing people to use a password that has been exposed before.
So the next time you sign up on any website, make sure to check if the password you are going to set is previously pwned or not!