Do you want to know if some of your passwords have been compromised? A good place to start is the Have I Been Pwned? web site. No, that’s not a typo. I meant to type pwned. It’s a derivative of owned. If you’re still scratching your head, then please read this definition of pwned.
Using the web site is easy: just type in the email address that you use as your username. If you use several different email addresses, enter each of them, one at a time. Have I Been Pwned aggregates lists of users affected by some of the largest security breaches. To learn more about the site, read its About page and FAQs. If your account credentials have been compromised, and I suspect that the vast majority of us have been victims of one or more compromises at this point, then follow the recommendations listed at Have I Been Pwned:
Step 1 Protect yourself using 1Password to generate and save strong passwords for each website.
Step 2 Enable 2 factor authentication and store the codes inside your 1Password account.
Step 3 Subscribe to notifications for any other breaches. Then just change that unique password.
Let me elaborate a bit on each of these recommendations.
Step 1 – Use a different password for each account. To keep track of all of these passwords you will need to maintain a list, possibly even a password manager like 1Password, which is the password manager I use and recommend (look for my future tech tip about password managers). At a minimum, please use a web site like Use A Passphrase to generate passwords composed of a string of randomly selected words, and then write each password down on your list. You do maintain a list, don't you?
Step 2 – Enable 2-factor authentication. Two-factor authentication can add some security to an account by requiring two pieces of information to gain access to it. Most commonly the two factors are your password and a numerical code sent to your cell phone. Two-factor authentication is not perfect, since it can be thwarted by a technique called SIM swapping, but it can be helpful.
Step 3 – Subscribe to notifications from Have I Been Pwned so you'll get future alerts if your account credentials are compromised. Do this; it's a no-brainer.
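The random-word passphrase idea from Step 1, as an added example that is not part of the original post or of any site it mentions: it picks words with the operating system's cryptographic random source and shows how word count and list size determine strength. The 32-word list is a constructed sample and the function names are illustrative assumptions.

```python
import math
import secrets

# Constructed sample word list for illustration only. A real list should be
# much larger (thousands of words) so that each word contributes more entropy.
WORDS = [
    "anchor", "basket", "candle", "dragon", "ember", "forest", "garden", "harbor",
    "island", "jungle", "kettle", "lantern", "meadow", "needle", "orchard", "pebble",
    "quartz", "ribbon", "saddle", "timber", "umbrella", "velvet", "walnut", "yonder",
    "zephyr", "blossom", "copper", "dolphin", "falcon", "glacier", "hammer", "ivory",
]


def entropy_bits(word_count, list_size):
    """Entropy of word_count words drawn uniformly, repeats allowed."""
    return word_count * math.log2(list_size)


def words_needed(target_bits, list_size):
    """Smallest number of words that reaches target_bits of entropy."""
    return math.ceil(target_bits / math.log2(list_size))


def generate_passphrase(word_count, words=WORDS, separator="-"):
    """Pick words with the OS CSPRNG (secrets), not the predictable random module."""
    unique = sorted(set(words))  # duplicate entries would skew the distribution
    if len(unique) < 2:
        raise ValueError("word list needs at least two distinct words")
    if word_count < 1:
        raise ValueError("word_count must be positive")
    return separator.join(secrets.choice(unique) for _ in range(word_count))


if __name__ == "__main__":
    # With only 32 words (5 bits each), 13 words are needed to pass 64 bits.
    n = words_needed(64, len(WORDS))
    print(generate_passphrase(n), f"({entropy_bits(n, len(WORDS)):.0f} bits)")
```

A list of 7,776 words gives about 12.9 bits per word, so six words from such a list exceed 77 bits, which is why generators built on large lists can use short passphrases.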