Passwords keep our online accounts safe from all kinds of cybersecurity threats, but a data breach can lead to your sensitive data being compromised — and it can happen right under your nose.
Even if you've created a strong password that would take billions of years for hackers to crack with a brute force attack, threat actors can break into servers of social media giants or large-scale companies and get unauthorized access to a huge number of people's private credentials.
Using one of the best password managers and two-factor authentication (2FA) can help stop hackers who have acquired your password from breaking into your accounts, but that doesn't mean your online security is, well, secure. Countless compromised logins are sold through dark web markets, meaning your account details could be flying around the wild web, waiting to be used by a threat actor.
If you're wondering "has my password been leaked?", there's a simple way to find out if your login credentials have been compromised. In fact, it does one better by letting you know if your email or phone number has been part of a data breach.
How to find out if your password has been leaked
The easiest and most popular way to find out if your password is up for grabs is to check out Have I Been Pwned? (HIBP). Created by Microsoft regional director and cybersecurity whizz Troy Hunt, this free tool has become the most efficient way for users to quickly check if their password or phone number has leaked online.
Simply type in your email address or phone number with your country code, and the website will notify you if your credentials have been compromised. What's more, it also has a password checker that goes through hundreds of millions of passwords that have been part of data breaches, letting you know whether a password is suitable to use or continue using.
You might be thinking "wait, if I put in my password on this site, won't hackers have a chance to nab it?" Don't fret, as HIBP has various privacy measures set up so you can use the website safely. Compromised email addresses and passwords that appear in a breach are shown, but "no information about which email addresses had corresponding passwords nor what those passwords are is stored."
Thanks to Cloudflare's k-anonymity implementation and having passwords hashed client-side with the SHA-1 algorithm, HIBP never receives the original password, and what it does receive isn't enough for hackers to discover what that password is. For a better look at how the website keeps everything secure, including blocking malicious requests, check out its privacy page.
The website offers a selection of handy tools, including notifications if your account is compromised, a list of all the websites that are known to have had breaches, and the number of accounts that have been breached. It's a good way for anyone to check if their accounts are at risk, and it's worth doing every once in a while to stay on top of your online security.
Keeping your password secure
Of course, if your account has been compromised, you're going to want to change your password post-haste. Check out this simple trick to create a strong password, and be sure to use one of the best password managers around to keep your account secured.