How to Tell If Your Login or Passwords Have Been Stolen
Saturday, November 25, 2017 at 1:12AM Step 1: Do Some Googling
But given the millions of people affected by major security breaches, how can you tell if your specific information has been leaked? And what can you do about it?
You could start by running a Google search to see whether any site you use has suffered a leak. But that's hit or miss, time-consuming, and even if you find reports that one of them has been hacked, that doesn't mean that your information was actually compromised.
Thankfully, the internet tends to fix as many problems as it causes (in the video below, imagine Homer saying "internet" instead of "alcohol" and you get the idea). Here are some tips to help you stay on top of cybersecurity.
Step 2: Find Out if You've Been Leaked
The simplest way to determine whether your information has been leaked is to visit haveibeenpwned.com. Yeah, it has a weird name (pwned comes from hacker jargon that refers to "being owned"), but it works, it's free, and it doesn't require you to sign up for anything.
Just type in your username or email address, and the site quickly searches the list of known breaches, reporting back to you whether you've been compromised and (if so) through which site. You don't need to provide any passwords or other sensitive information to this service.
Step 3: Double Check at LeaskedSource
Another option is to use leakedsource.com. Both sites do more or less the same things, but they provide dual coverage—so if one site misses something, the other may not.
Step 4: Change Your Passwords Immediately
The first thing you should do is to change your compromised password right away.
Next ask yourself, "Did I reuse that same password at any other sites?" If so, change the password there as well—and this time use a different password at each site.
One of the best rules of online security is, Make every password unique. That way, if one site is compromised, your other logins remain safe.
Juggling dozens of different logins can be a major inconvenience, of course. Thankfully, you can turn to a program designed to manage multiple passwords in a convenient way. For more on this topic, check out Choose a Password Manager to Protect Your Security.
Here's a little tip: If you use a password manager like LastPass or Dashlane (and you really, really should) these programs can warn you if you're re-using then same password on multiple sites.
Step 5: Make Yourself Safer for the Next Breech
When creating a new password, follow the advice of security experts to ensure that you choose the most secure options available.
Your new password should be 12 characters long. It should contain letters, numbers, and symbols (such as ! or ?), and it should not refer to any other information that hackers might easily access or guess. For example, don't base the password on your name, address, phone number, or pet's name.
And once you devised a secure password, let a password manager program remember it and its fellow passwords from your other login sites.
After changing your passwords, occasionally revisit haveibeenpwned.com (or a similar site) to confirm that your login information remains secure. By staying vigilant and working to understand the threat, you can give yourself maximum protection against cybercrime.
Reader Comments