A Friendly Reminder About Password Reuse And Just How Pwned You Are
As Well As Ways To Avoid It
Password reuse is common, according to this Google study it is a significant problem which affects hundreds of thousands of people and their many different accounts. There are tools such as Have I Been Pwned which allow you to check to see if your email accounts have been involved in a past breach, as well as a tool to check to see if hackers are also fond of your favourite passwords. For the average user this may be confusing and terrifying as they don’t have the context to understand what the results mean.
To make things a little easier, Google released a Chrome add-in call Password Checkup which you can install and use to check your chosen username and password combination against several billion which have been involved in a breach and will politely suggest you choose a different one. Cryptography experts at Stanford University worked on the development of this app, so it should not be a source of a breach and Google won’t be receiving your password in plain text.
You should also consider a using a password manager such as LastPass or 1Password which lets you securely store your login info so that you don’t have to remember 32 separate unique user and password combos. If that doesn’t appeal to you, then remember that computers are much quicker at guessing ‘Pa55w0rds?!” than they are “These password rules smell funky!” … assuming the person who set up the password didn’t have the brilliant idea to restrict your choice of characters.
To that end, last February Google unveiled a new experimental Password Checkup extension for Chrome. The extension warns you any time you log into a website using one of over 4 billion publicly-accessible usernames and passwords that have been previously exposed by a major hack or breach, and prompts you to change your password when necessary.
More Tech News From Around The Web
- How dodgy browser plugins, web scripts can silently rewrite that URL you were about to hit – and throw you into an internet wormhole @ The Register
- Instagram ups its fake news game with flagging @ The Inquirer
- ncovering The Echo Dot’s Hidden USB Port @ Hackaday
- Plex’s new Desktop app means the Windows UWP version is toast @ The Inquirer
- World recoils in horror as smartphone maker accused of helping government snoops read encrypted texts, track device whereabouts @ The Register
- Blender 2.80 Viewport & Rendering Performance @ Techgage
- Fire Breathing N64 Puts Blast Processing In The Shade @ Hackaday
This would have been posted earlier … but I had to deal with a user that got hacked.
Did you really post this?
(What if Jeremy has been hacked?!)
Then I would have happily went home!
haha funny. Is the Password Checkup tool using the pwnd database similar to (iirc) 1Password’s Watchtower feature? If so I may have to check it out, Have I Been Pwned is a good place to start but [intentionally] makes it hard to figure out which account u/n and password combination may have been involved in X specific service breach while it’s my understanding that 1Password since they have the missing pieces is able to tell you which specific account was hacked and which password compromised.
I totally use 1 password for 90% of my accounts :\ I’m basically food for the haX I guess.