How to know if your password has been stolen

Setting up a strong, unique password and storing it in a password manager or browser is not good enough. You need to know if and when your password was stolen as a result of a password breach, so that you can act quickly enough to change the password before your personal information is compromised. Here’s how.

It has been some time since the massive Collection breaches of 2019 leaked billions of email addresses and passwords onto the internet, jeopardizing the security of those accounts. The problem users faced at the time was that there were only a limited number of ways to determine whether they had actually been affected. There are now many password monitoring services that will check whether your password has been stolen. Many of them are designed to get you set up quickly and help you change compromised passwords.

Basic email breach services

Two reliable services for checking this information existed at the time of the Collection breaches, and they still do: HaveIBeenPwned, and a service operated by the Hasso Plattner Institute in Potsdam, Berlin. Both will ask you to enter your email address (not your password!), and both will then match your email address against a database of known breaches.

Both services have their merits. The reputation of HaveIBeenPwned attracts those who want to publicize their attacks, and the site’s breach reporting seems extensive. The website lists the breaches in which an email address was caught, along with any additional information that was exposed, such as your gender or your phone number. The website organizes the breaches by the service attacked, not by date. Why is this important? Because if, for example, your email was exposed in 2016, chances are your password has changed since then. But if your email address and password were exposed last month, you want to change it right away.

HaveIBeenPwned provides a lot of information about breaches, but it could be better organized.

HaveIBeenPwned also shows the breach information for any email address entered, which is handy for checking on friends and family, though it is not the most privacy-conscious approach.

HPI’s service takes a different approach. It lists the breaches by date, along with a matrix of the information exposed. Entering an email address on the site will send a security report to that email address, with a color-coded view of which data was exposed and in which breach.

HPI will send you a matrix of the information exposed along with your email address, organized with the most recent first.

Browsers add password monitoring for free

Both of the above services only indicate whether a specific email address was part of a breach, not whether a username that is not an email address, such as ‘billg’, has been exposed. Here you want a trusted service that knows you, as well as the passwords you have chosen. Do not rush to random websites to “check your passwords”; you want to stick with trustworthy names. (Also note that password monitoring is a paid service for most password managers, but not for the password managers built into web browsers.)

Google Password Checkup

In 2019, Google added a free browser add-on for Chrome that alerted you, once you logged in to a website, if your email address or password had been compromised. In October 2019, Google started checking passwords for breaches automatically, and from Chrome 79 onward it started monitoring your online activity to keep you from being “phished,” or tricked into disclosing your password under false pretenses.

Google’s Password Checkup has a handy dashboard that shows whether your passwords have been compromised.

If you now go to passwords.google.com and authenticate, Google’s online Password Checkup will give you a quick overview of which passwords have been compromised, which have been reused across multiple websites, and which could be strengthened with more complicated passwords so that they cannot be easily cracked should a breach occur. There are also links to change the passwords on the sites themselves. However, this only works if you have stored your passwords with Google.

Firefox Lockwise

Firefox Lockwise, part of the free Mozilla Firefox browser, works in a slightly different way. It does not offer Google’s recommendations on reused and weak passwords, and its password monitoring feature works differently. It also seems to work whether you save a password in Firefox or import passwords from another browser. Like Google, however, it needs to ‘know’ your password, which requires you to store it in the browser.

The easiest way to get to Lockwise is by typing about:logins in the Firefox URL bar.

Firefox Lockwise builds password monitoring into the Firefox browser.

If a password has been exposed, you will see a bright red banner, the relevant account and password, and a link to jump to the relevant account. (It can also flag accounts that you may have already disabled, such as a LinkedIn breach that was shown to me, which was tied to a previous work account.)

Microsoft Edge Password Monitor

Last year, Microsoft promised an upcoming Password Monitor within Microsoft Edge, and it will soon be launched as part of Microsoft Edge 88. Like the similar services offered by other browser makers, it will be free.

Edge is adding a complex password generator and, soon, a password monitor.

Paid Password Monitoring: Password Managers

We already review password managers, which are the easiest way to manage passwords. Below is a summary of what password managers do in terms of monitoring.

LastPass

While LastPass provides a robust free version that matches the password storage services offered by browsers, password monitoring is something LogMeIn’s LastPass service charges for. LastPass keeps an eye on the “dark web” for leaked passwords, and it will also send you a notification when one turns up, something the browser makers do not yet do. Is it worth the $3 per month that LastPass charges for the service? If you value locking down your personal data immediately, it may be.

LastPass monitors the dark web for compromised passwords for a small monthly fee.

Dashlane

Dashlane also treats “dark web” monitoring as a paid service and charges $6.49 per month for it.

1Password

1Password does not offer a free tier, but its basic $2.49/month service includes what the company calls ‘Watchtower’, which warns you about passwords that have been compromised as well as those that need to be updated because they are weak. 1Password actually works with the HaveIBeenPwned service to check your passwords (not your email address) against the database of breached passwords. As an extra security measure, though, 1Password sends only part of your password (or, specifically, part of the password hash), collects all potential matches, and then checks them privately on your computer.
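The partial-hash lookup described above can be sketched as follows. This is an added example, not code from 1Password or HaveIBeenPwned. It assumes SHA-1 with a 5-character hex prefix and `SUFFIX:COUNT` response lines, as in HaveIBeenPwned's public range API; `fake_range_service` and the sample corpus are constructed stand-ins so that the block runs offline.

```python
import hashlib

PREFIX_LEN = 5  # hex characters of the SHA-1 digest sent to the range service


def split_hash(password: str) -> tuple[str, str]:
    """Return (prefix, suffix) of the upper-case SHA-1 hex digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:PREFIX_LEN], digest[PREFIX_LEN:]


def breach_count(suffix: str, range_body: str) -> int:
    """Search a 'SUFFIX:COUNT' range response locally for our suffix."""
    for line in range_body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if not count.isdigit():
            continue  # skip blank or malformed lines
        if candidate.upper() == suffix:
            return int(count)  # padding-style entries carry a count of 0
    return 0


def fake_range_service(prefix: str, corpus: dict[str, int]) -> str:
    """Constructed stand-in for the remote service: it sees only the prefix."""
    rows = []
    for pw, seen in corpus.items():
        p, s = split_hash(pw)
        if p == prefix:
            rows.append(f"{s}:{seen}")
    # Constructed decoy rows so the response always holds several candidates.
    rows.append("0" * 35 + ":0")
    rows.append("F" * 35 + ":12")
    return "\r\n".join(sorted(rows))


def check_password(password: str, corpus: dict[str, int]) -> int:
    prefix, suffix = split_hash(password)
    body = fake_range_service(prefix, corpus)  # only `prefix` leaves the client
    return breach_count(suffix, body)  # the match is decided locally


# Constructed breach corpus: passwords and counts are made up for the demo.
SAMPLE_CORPUS = {"password": 1000, "letmein": 250}

if __name__ == "__main__":
    for pw in ("password", "correct horse battery staple"):
        print(repr(pw), "seen", check_password(pw, SAMPLE_CORPUS), "times")
```

The service learns only the five-character prefix, which many unrelated passwords share, so it cannot tell which password (if any) was being checked.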

1Password’s Watchtower password monitoring service.

Other password managers tend to charge small fees for password monitoring, but who knows? It is possible that the competitive influence of Microsoft and Google, plus Mozilla, could turn password monitoring into a free service in the years to come.
