Want to Make Sure Your Password Is Unique? Here’s the Searchable Database to Help You Find One
Too many data leaks, too much insecurity. But what if there were a way to confirm whether your password is good enough to keep you secure? Over a decade ago, in June 2007, the National Institute of Standards and Technology (NIST) released guidance asking sites to check potential passwords against previous data breaches to ensure they were totally unique. While this guidance was issued way ahead of the famous 2016 record-breaking breaches, at least there is one source now offering this functionality.
306 million passwords you should never use!
There are over a billion compromised usernames and passwords roaming around the internet. This data could easily be used to help users instead of just helping criminal hackers. Troy Hunt, the person responsible for the data breach notification site HaveIBeenPwned, has launched a new tool to help you check your passwords to make sure they haven't previously been used and compromised. The database is made up of over 306 million passwords that have been leaked and collected over the last few years.
HIBP previously enabled users to enter their email address and see if it has appeared in a breach. However, it didn't reveal the associated password for obvious security reasons. Now, using this new model, you can enter a password yourself, which will then be checked in this database of passwords. Hunt, however, warns not to check your current password.
"Don't enter a password you currently use into any third-party service like this! I don't explicitly log them and I'm a trustworthy guy but yeah, don't. [...] Mind you, someone could actually have an exceptionally good password but if the website stored it in plain text then leaked it, that password has still been 'burned'."
It makes for a pretty fun pastime too, but be warned not to enter your current passwords. Kind of kills the purpose but Hunt says the "point of the web-based service is so that people who have been guilty of using sloppy passwords have a means of independent verification that it's not one they should no longer be using."
"As well as people checking passwords they themselves may have used, I'm envisaging more tech-savvy people using this service to demonstrate a point to friends, relatives and co-workers: 'you see, this password has been breached before, don't use it!'" he adds.
"If there's one thing I've learned over the years of running this service, it's that nothing hits home like seeing your own data pwned."
The data is freely available to download, which will hopefully push developers to integrate it into their websites, making the password selection process more secure.
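One way a sign-up flow could use the downloaded data entirely offline, so the candidate password never leaves the server (an added example, not Hunt's or HIBP's code). It assumes the download is a text file of uppercase hex SHA-1 hashes, one per line and sorted, optionally followed by `:count`; the function names and the sample list are constructed for illustration.

```python
import hashlib
import os
import tempfile

def sha1_hex(password: str) -> str:
    """Uppercase hex SHA-1 of the UTF-8 password (assumed list key format)."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def breach_count(password: str, path: str) -> int:
    """Binary-search the sorted hash file by byte offset; 0 means not listed."""
    target = sha1_hex(password).encode("ascii")
    with open(path, "rb") as fh:
        lo, hi = 0, os.path.getsize(path)
        while lo < hi:
            mid = (lo + hi) // 2
            fh.seek(max(mid - 1, 0))
            if mid:
                fh.readline()      # move to the first line starting at or after mid
            line = fh.readline()
            if not line:           # no line starts at or after mid
                hi = mid
                continue
            key, _, count = line.strip().upper().partition(b":")
            if key == target:
                return int(count) if count else 1   # lines without a count report 1
            if key < target:
                lo = fh.tell()     # target can only start after this line
            else:
                hi = mid           # target can only start before mid
    return 0

def write_sample_list(path: str, entries: dict) -> None:
    """Write a constructed stand-in for the downloaded list, sorted by hash."""
    lines = sorted(f"{sha1_hex(pw)}:{n}" for pw, n in entries.items())
    with open(path, "w", newline="\n") as fh:
        fh.write("\n".join(lines) + "\n")

def demo() -> dict:
    # Constructed sample data: these passwords and counts are made up.
    sample = {"password": 5, "batman": 3, "123456": 9, "qwerty": 2}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "pwned-sample.txt")
        write_sample_list(path, sample)
        candidates = list(sample) + ["correct horse battery staple 2017"]
        return {pw: breach_count(pw, path) for pw in candidates}

if __name__ == "__main__":
    for pw, n in demo().items():
        print(f"{pw!r}: {'reject' if n else 'ok'} (count={n})")
```

A registration handler would reject the candidate when `breach_count` returns a non-zero value; the lookup reads only a few dozen lines of the file regardless of its size.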
In for some fun? Head over to Pwned Passwords and start playing. Again, do not check your current password.