We’re are constantly being warned about protecting our identity online. But how do you know IF and WHEN your data is actually compromised?
I recently asked several IT gurus what consumers like me could do to keep our info safe from online fraud, security breaches and identity theft. Besides the obvious caveats of not using public wifi and making sure to use sites with “https” security, I thought I knew their answers:
- Change your passwords often…Check.
- Use two-step authentication when it’s offered…Check.
What I did NOT know was safeguard #3…Use the Have I Been Pwned site. This shows you when and where your data, email addresses and passwords have been leaked. Wow. Now that’s an eye opener.
What Is Safety Check #3?
Have I Been Pwned (HIBP) is a free resource you can use to see if any of your online accounts have been compromised or “pwned” in a data breach. Troy Hunt developed the site in 2013 to show how your personal data spreads, what’s been leaked, where it’s been leaked from, and what precautions you can take. Hunt, an Australian entrepreneur, is recognized by Microsoft as a “Most Valuable Professional” for developer security since he does training and develops courses for professionals.
Checking your email address on the HIBP site is as simple as going to the site, entering in your email and then looking at the results. (Scrolling further down will list the specific data breaches where your address was found.)*
Hunt developed this site after one of the first large breaches of customer accounts — Adobe—when he kept noticing the same accounts exposed over and over again, often with the same passwords. He hopes his site “not only helps victims learn of compromises of their accounts, but also highlights the severity of the risks of online attacks on today’s internet.”
Safest Password Is One You Can’t Recall Either
Yes, passwords are annoying to remember, and many consumers use the same one for several different accounts. But the highest risk to you is password re-use…..so stop! Hunt advocates using a password manager. This service (some are free, some not) is like a vault that houses all your account passwords and allows you to randomly use strong, more unique passwords.
If you find one of your passwords in Hunt’s Pwned Passwords service, it means the password has previously appeared in a data breach,” Hunt explained. “HIBP does not store any information about who the password belonged to, only that it has previously been exposed publicly and how many times it has been seen. A ‘Pwned’ password should no longer be used, as its exposure puts it at higher risk of being used (fraudulently) to login to accounts using the now-exposed secret.”
* Hunt’s HIBP site is a free service for consumers to assess risk of a breach on an account. It is still a website, subject to the same caveats for accessing with secure wi-fi and keeping yourself safe online. As with any website, if you’re concerned about the intent or security, DO NOT use it. Incidentally, rumor has it the site should actually been “Have I Been Owned,” but an accidental typo locked it in as HIBP instead.