Melody Teh
Technology

New online tool lets you find out if your password has been hacked

A new online tool lets you find out if your password has been hacked and published online, as well as the steps to take if you have been caught out.

Digital security expert Troy Hunt, founder of Have I Been Pwned, said users enter their details into a search box on his website, which is then cross-referenced with a database of leaked passwords online.

The website will tell if your account details have been hacked and how to protect yourself.

“Pwned Passwords are hundreds of millions of real world passwords exposed in data breaches. This exposure makes them unsuitable for ongoing use as they're at much greater risk of being used to take over other accounts. They're searchable online below as well as being downloadable for use in other online system. Do not send any password you actively use to a third-party service - even this one!” the website reads.

Mr Hunt wrote on his blog, “If the password alone comes back with a hit on this service, that’s a very good reason to no longer use it regardless of whose account it originally appeared against.

“As well as people checking passwords they themselves may have used, I’m envisaging more tech-savvy people using this service to demonstrate a point to friends, relatives and co-workers: ‘you see, this password has been breached before, don’t use it’.”

While the service is doing a public good, Mr Hunt warns against sharing your current passwords on any third-party website.

 “It goes without saying (although I say it anyway on that page), but don’t enter a password you currently use into any third-party service like this!

“I don’t explicitly log them and I’m a trustworthy guy but yeah, don’t.

“The point of the web-based service is so that people who have been guilty of using sloppy passwords have a means of independent verification that it’s not one they should be using any more.

“Mind you, someone could actually have an exceptionally good password but if the website stored it in plain text then leaked it, that password has still been ‘burned’.”

To test old passwords, visit Have I Been Pwned.

Tags:
Technology, Passwords, Hacked