A security researcher has created a new online tool that could potentially save you from being hacked.
Pwned Passwords is a searchable online database that lets you check if a password you are planning to use has already been leaked online.
“I realised I was in a unique position to help do something about the problem they’re trying to address due to the volume of data I’ve obtained,” said Troy Hunt, who created HaveIBeenPwned, a website that lets you check if your email address has been hacked.
In a recent blog post, Hunt has now revealed how his site has amassed a database of 306 million compromised passwords, some from high-profile breaches including those from MySpace, LinkedIn and Adobe.
Users can browse through the list of Pwned Passwords, which is also available for firms to download and incorporate into their security systems.
If you enter a password that has already been compromised, a red warning flashes up on screen.
While the service could be used to check your existing passwords, Hunt actually advises against searching for them, and the reason for this is a solid one.
Hunt stresses the service was designed to test new passwords only.
“It goes without saying but don’t enter a password you currently use into any third-party service like this!”, Hunt wrote on his blog.
“I don’t explicitly log them and I’m a trustworthy guy, but yeah, don’t. The point of the web-based service is so that people who have been guilty of using sloppy passwords have a means of independent verification that it’s not one they should no longer be using.”
“Use this data to do good things. Take it as an opportunity to not just reduce the risk to the service you’re involved in running, but also to help make people aware of the broader risks they face due to their password management practices”, he said.
“One thing that’s really hit home while running HIBP is that few things resonate with people like demonstrating that they’ve been pwned.
“I can do that with those who come to the site and enter their email address but by providing these 306 million pwned passwords, my hope is that with your help, I can distribute that ‘lightbulb moment’ out to a far greater breadth of people.”
When it comes to choosing a new password, the advice is to choose one that uses a mixture of upper and lowercase letters, numbers and other characters or symbols.
Better still, rather than think of a ‘password’, try creating a longer ‘passphrase’ that could be as long as a whole sentence and which still includes the combination of upper and lowercase letters, numbers and characters.
The benefit of a passphrase is that it can often be easier to remember than a combination of random numbers or letters but is harder for people to hack.
Further still, consider using a password manager to manage your passwords online.
H/T: The Next Web