A new service makes it easier to know if old passwords you’ve used have been made public in a data breach. Just click on the Pwned Passwords tool, type in one of your passwords and it tells you whether hackers have gotten ahold of it — and what to do about it.
One of my old passwords (that I thought was BRILLIANT) now shows up as being leaked in a data breach.
If you click on the little Pwned icon on the left-hand side of the screen where you check your passwords, you can find out if your email’s been hacked too (which could be how they got ahold of your password in the first place). I’ve been hacked at least six times in various breaches including Yahoo, Tumblr, and Dropbox.
If you find out an old password’s been compromised – don’t use it. If you are using it – change it!
By the way, the term “pwned” is hacker lingo for “I gotcha.” According to Merriam-Webster: ‘Pwn’ is a lot like the sense of ‘own’ that means “to have power or mastery over (someone).”
This new “check if I’ve been pwned” service is now integrated into the popular password manager 1Password.
Security researcher Troy Hunt recently announced the tool, which lists more than 500 million leaked passwords. Developers can also use an API to incorporate the function in their own tools.
AgileBits is the first company to announce it’s integrated the tool into its password manager, 1Password. In a blog post Thursday, the company explained how the service works. It doesn’t transmit the entire password to the service to be looked up. Instead it computes a hash of the password with a cryptographic hash function known as SHA-1 and uses only the first five characters of that hash to look for a match. This is more secure than sending the entire password, the company said. For a more detailed look at how it works, AgileBits recommends reading Hunt’s detailed description in his blog post.
“Someone else could have been using the same password,” the company said. “Either way, we recommend you change your password.”
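The lookup described above, as an added Python example (not AgileBits' or Troy Hunt's code): the client sends only the first five hex characters of the password's SHA-1 hash, the service returns every hash suffix sharing that prefix as `SUFFIX:COUNT` lines, and the match is made locally. `SAMPLE_CORPUS`, `fake_range_server` and `SEEN_BY_SERVER` are constructed stand-ins for the real service so the exchange runs offline.

```python
import hashlib

# Constructed sample data standing in for the service's breach corpus
# (password -> times seen). These are not real breach counts.
SAMPLE_CORPUS = {"password": 3, "letmein": 2, "hunter2": 1}
SEEN_BY_SERVER = []  # everything the stand-in service receives from clients


def sha1_hex(password: str) -> str:
    """Upper-case hex SHA-1 of the password (40 characters)."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def fake_range_server(prefix: str) -> str:
    """Hypothetical stand-in for the lookup service: it is given only a
    5-character hash prefix and answers with SUFFIX:COUNT lines."""
    SEEN_BY_SERVER.append(prefix)
    lines = ["0" * 35 + ":7"]  # constructed decoy entry sharing the prefix
    for pw, count in SAMPLE_CORPUS.items():
        digest = sha1_hex(pw)
        if digest.startswith(prefix):
            lines.append(f"{digest[5:]}:{count}")
    return "\r\n".join(lines)


def breach_count(password: str, fetch_range=fake_range_server) -> int:
    """Return how often the password appears in the corpus, 0 if absent.
    Only the prefix leaves this function; the suffix is compared locally."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in fetch_range(prefix).splitlines():
        candidate, _, count = line.partition(":")
        if candidate.strip().upper() == suffix:
            return int(count)
    return 0


if __name__ == "__main__":
    for pw in ("password", "correct horse battery staple 1847"):
        print(pw, "->", breach_count(pw))
    print("service saw only:", SEEN_BY_SERVER)
```

Because many different passwords share any given five-character prefix, the service cannot tell from the request which one was being checked.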
The tool comes as companies like Yahoo and Equifax reported massive security breaches that affected billions of people. In October, , saying all 3 billion of its customers’ accounts had been breached in 2013. Equifax said in September that hackers stole information — including Social Security numbers, credit card numbers, names and addresses — on up to 143 million Americans.
Keep in mind that the Pwned Passwords tool should only be used to search for old passwords. You shouldn’t be checking whether a current password has been hacked, since it’s never a good idea to share an existing password with a third party.