How to check if your password is secure
If you’re creating a new password online, you can now see if it has been compromised in a data breach. Troy Hunt, creator of data breach repository Have I Been Pwned, has released a database of over 306 million passwords contained in multiple data breaches. Previously, the Have I Been Pwned website allowed visitors to enter their email address to check if one of their accounts had been compromised by hackers in a data breach.
Hunt has now added a dedicated Passwords page to the website, which allows users to check a password against a database of 306 million passwords. The passwords contained in the list were compromised in various data breaches, making them accessible to hackers and other attackers.
Checking a new password
While users may be tempted to enter their current passwords into the Have I Been Pwned website, Hunt warns visitors not to enter active passwords into any third-party service. “It goes without saying, but don’t enter a password you currently use into any third-party service like this,” said Hunt.
“I don’t explicitly log them and I’m a trustworthy guy, but yeah, don’t.” The Passwords page allows you to compare potential new passwords against the database of compromised keys to determine their security. Safely comparing your current passwords to the database can be done offline, but requires technical knowledge.
Users can download a compressed database of the hashed passwords from Hunt’s website courtesy of Cloudflare. Each password is provided as a SHA1 hash, meaning they are not visible to the public. Users can then use the HASHBYTES function to turn their query into an SHA1 hash, which is checked against other hashed entries in the database using an SQL query.
Creating a secure password
Password security can be tricky, but password managers and security guidelines are available to help users stay safe.
Password managers allow you to only remember a single, secure password, which is then used to access a stored database of randomly-generated keys for the sites you interact with. Whether you’re choosing a master password for your password manager or a secure password for your account, it is important to keep a few guidelines in mind. According to BDO cybersecurity specialist Rudi Dicks, long passwords are important, as this exponentially increases the difficulty of hacking your password using brute force methods.
“Simply adding .co.za to the end of your password makes it far more secure, while remaining easy to remember,” said Dicks.
He added that users shouldn’t use the same password across multiple websites, in case of a breach.