Did you know that a lot of people are in a data breaches who don’t even realize it? Fortunately, there are websites that exist that allow you to check if you are part of a data breach.
HaveIBeenPwned is a website that allows you to enter an email address/phone number/password (we’ll get to how they check passwords securely later).
Checking email addresses
You can enter your email address to check if you are part of a data breach.
For this instance, I’ll be checking [email protected], and at the time of writing, this email has been part of 79 data breaches, ouch!
Too bad for this dummy email, it will be getting a lot of spam in the future!
What if I’m part of a breach?
Chances are, one of your email addresses were part of a data breach. There is no undoing this, but there are things you can do going forward.
- If you are signing up for websites you will not use in the future, use a temporary email provider, such as TempMail.lol, which is actually much safer than using an email dedicated for dubious websites. This will also prevent same email-based tracking.
- Change the password you used on the pwned websites, then, if you used that password on any other website, change the passwords for those websites. It can get very tedious, but well worth having the peace of mind!
- Use a password manager. Firefox and Google Chrome have built-in password managers, and even have options for allowing users to sync their passwords to mobile devices!
Putting your passwords into a data breach checker can seem very sketchy, and I was off-put at first until I learned how it worked. You send a portion of your hashed password (which you can obtain by using this website using the sha-1 algorithm), then they return a list of possible passwords, which your browser checks. Your password is not revealed to anyone during the process.
Use a password manager. Google Chrome and Firefox have built-in password managers that sync with devices, and Apple users can use iCloud Keychain to securely sync long passwords between devices. Stay safe!