Password theft can make life significantly more difficult. Aside from being a major hassle, compromised passwords can easily lead to identity theft and cause serious legal issues. Therefore, it is worth paying attention to the strength of your passwords and changing them regularly or, at the latest, when you suspect your accounts have been compromised.
ExpressVPN’s study on the most common passwords around the world showed that 42% of people use their first name in their passwords, while 43% of them use their birth date. Since this information is easily traceable on social media, your accounts can be more prone to hacking attacks.
How can someone find out my password?
A compromised password allows unauthorized people to log into your accounts. A compromised password is usually not your fault, and it usually does not mean that the data was taken directly from your own computer. There’s no reason to automatically assume that an attacker has accessed or hacked your computer and is still watching it (such thoughts are only appropriate if you find that multiple passwords have been compromised in a relatively short period of time).
The most common reason is the theft of users’ personal data from various services. It is also conceivable that attackers could hack a service, obtain its user database (a so-called “breach”) and then publish it. The password is then sold on the black market and can in fact be read by anyone.
How to protect yourself
Checking for fraudulent use
You can easily check your password online using publicly available tools. Most of them work automatically: after you enter your email address, they can send an alert if they detect a leak or incident (containing your email address or password) of the kind mentioned above.
The best-known monitoring tool is “Have I Been Pwned”. Here, after entering your email address, you can see which services or providers have been hacked and which user accounts have been compromised. If your account is listed, consider your password hacked and change it urgently. It is clear from the listed account which password is affected, even though the password itself is, naturally, not displayed.
You can also type the password directly into the Pwned Passwords tool (instead of looking up the associated email address). The result tells you whether the password was part of a data breach and how many times it appeared. The database contains over 613 million compromised passwords that have previously been proven to have been stolen.
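A password can be checked against Pwned Passwords without sending the password itself. The following is an added example, not part of the original article: the service's range API is queried with only the first five characters of the password's SHA-1 hash, and the comparison against the returned suffixes happens locally. The function names, the `fake_fetch` transport and the sample response (with constructed counts) are assumptions for illustration; no network request is made.

```python
import hashlib

RANGE_URL = "https://api.pwnedpasswords.com/range/"  # real endpoint; never contacted here

# Constructed sample of a range response for prefix 5BAA6 ("SUFFIX:COUNT" lines).
# The counts are made up; the zero-count line imitates a padding entry.
SAMPLE_BODY = """\
0018A45C4D1DEF81644B54AB7F969B88D65:1
1E4C9B93F3F0682250B6CF8331B7EE68FD8:42
A1B2C3D4E5F60718293A4B5C6D7E8F90123:0
"""
REQUESTED = []  # records everything the fake transport was asked for


def split_hash(password):
    """Return (5-char prefix that is sent, 35-char suffix that stays local)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range(body):
    """Turn 'SUFFIX:COUNT' lines into a dict, skipping malformed lines."""
    counts = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and len(suffix) == 35 and count.isdigit():
            counts[suffix.upper()] = int(count)
    return counts


def breach_count(password, fetch):
    """Number of breach appearances; 0 if absent or only a padding entry."""
    prefix, suffix = split_hash(password)
    body = fetch(prefix)  # only the prefix leaves this machine
    return parse_range(body).get(suffix, 0)


def fake_fetch(prefix):
    """Hypothetical stand-in for an HTTP GET of RANGE_URL + prefix."""
    REQUESTED.append(prefix)
    return SAMPLE_BODY  # same constructed body whatever the prefix


if __name__ == "__main__":
    for candidate in ("password", "constructed-example-not-in-sample"):
        print(candidate, "->", breach_count(candidate, fake_fetch))
    print("sent to service:", REQUESTED)
```

To run it against the live service, replace `fake_fetch` with a function that performs the HTTPS request to `RANGE_URL + prefix` and returns the response text.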
Other password compromise checking services:
- Firefox Monitor
- Chrome browser
- Avast Hack Check
- Mirkat for Lenovo
Discover weak and duplicated passwords in your password manager or keychain
Password compromise detection or password weakness alerts should be available in any decent password manager. We’ve already covered them in our magazine, and you can find the best-known ones in a dedicated password managers section.
On some systems, passwords are stored in keychains that support the features mentioned above; for example, on iOS (iPhone) and macOS, the keychain warns if a password is weak or repeated across multiple services. Since iOS 14 and macOS Big Sur, the keychain can also keep track of compromised passwords. If your saved password has an exclamation mark icon next to it, you should change it right away.
Use a password manager
The average internet user uses so many services and apps that if they had to use unique passwords for each one, they would not be able to remember them. So, if you don’t want to give up security completely and use a single password, we recommend using a password manager.
Password managers may even suggest strong passwords, which is something to consider. Password suggestions are also built into some browsers, and password manager plug-ins offer this feature as well. Artificial intelligence can judge better than the user what is a suitable and strong password.
The default setting for cloud-based password managers is to log in with 2FA. If you use a password manager on your phone, it usually has biometrics – fingerprint or facial recognition. This adds another layer of security to password access.
We regularly cover two-factor authentication (2FA) in our magazine, so the term is certainly not new to you. Simply put, 2FA adds an extra layer of protection to your login, so a simple password is no longer enough. To log in, you will also need to enter a one-time password (OTP), which is generated separately on a device you have. This is usually an app on your smartphone that shows you an OTP for each “paired” service, which is valid for a very short period.