It doesn’t matter if your password is 32
characters long, alphanumeric, and would take several quintillion years to
crack—it’s not secure. As a matter of fact, anything that touches the Internet
isn’t secure!
This is because password security does not only
come at the discretion of the user who has created it but also the server that
it’s being stored on. For a website to verify your login credentials, your
password must be stored in their database. That means that if the server
mishandles it or gets hacked, you pay the price.
As we move into an internet where we’ve started pondering replacements for traditional passwords, websites that monitor for password dumps have become increasingly popular.
The most unfortunate part is that these dumps are often due to websites being hacked, not users, which feels incredibly unfair for those of us suffering the consequences.
There’s nothing that we can do to change the
fact that databases are susceptible to breaches and that our data isn’t sacred,
so we must learn to do the next best thing: constantly monitor for our
passwords being leaked to the Internet.
In this article, let’s go over a few of the
best websites to help you monitor if your passwords have been leaked online.
Have I Been Pwned
First, let’s talk about the name. The word
“pwn” is a form of leetspeak derived from “own,” a term people often used in
internet culture—usually by gamers—to describe defeating someone in some way.
To use Have I Been Pwned, simply type in your email address and hit the pwned? Button.
You’ll either (luckily) be told that your
passwords are safe or you’ll see how many breached sites and pastes your
passwords have been found on.
Have I Been Pwned will then show you a list of
all of the websites and pastes your passwords have been found on.
Have I Been Pwned also includes a section of
their site called “Pwned Passwords” where, rather than by email, you can search
by password. This will let you know if that password is already floating around
in dumps across the Internet.
Have I Been Pwned is generally viewed as the
gold standard in password monitoring, and we recommend that you check it out
first.
Credit Karma
Credit Karma has a reputation as the leading service to monitor your credit, but did you know that they have awesome data monitoring features, too—including password breaches?
Credit Karma goes above and beyond all other password monitoring sites, even showing you a censored version of the password leaked on each site listed. All you have to do is log in, go to their Identity Monitoring page, and click View details under the Data Breach Monitoring table.
The only downside is that you do have to
create a Credit Karma account to see these results. However, is that really a
bad thing? Isn’t it a little sketchy that these other password dump monitors
allow you to search for any email address? This could lead to some nefarious
activity.
If you already have a Credit Karma account,
make use of this. It’s one of the most untapped ways of tracking your passwords
on the Internet. Take advantage of it and you’ll know exactly which of your
passwords to do away with.
DeHashed
DeHashed is an interesting spin on the average password dump monitor, allowing you to not only search by email but also by username, address, and more. After, click the Search button to see your results.
When searching, DeHashed will display the
sites where your password has been leaked. However, you won’t be able to view
the dump or see the specific password without registering and paying.
Nonetheless, just seeing the results offers a lot of information that you can
use to protect yourself.
DeHashed is a solid final choice that may help
you find leaked passwords that Have I Been Pwned and Credit Karma weren’t able
to pick up on. Although it’s a bit bare on features compared to the other two,
it doesn’t hurt to see what DeHashed has to offer. It may save a few of your
passwords.
Just last month, the Collection #1 credentials dump released with over 2.7 billion records. Every week, this is happening on a smaller scale. It’s a powerless feeling to know that we can’t stop this from happening, but we have to stay informed and ready to take action when it does. Creating a strong password for each site you sign up for helps, too.
With Have I Been Pwned, Credit Karma, and
DeHashed, check your emails and passwords on a monthly basis. You’ll be able to
jump on leaks as soon as they pop up, and you might be surprised at what you
find!