Find out if your passwords have been compromised

Passwords are the key to everything – from your bank accounts, to your social media profiles, to your Netflix account – there’s not much you can access these days without an account.  But with growing cyber threats, how can you ensure that your passwords are safe, and that they haven’t been compromised?

In this article we’ll guide you through simple tools you can use to give your passwords a health check, including Google Chrome Checkup, iPhone’s Password Manager, and the “Have I Been Pwned” website.

Why strong passwords are important

Before we dive into how to check whether your passwords have been compromised, we’d first like to cover why strong passwords matter and what makes a password strong.

A strong password should:

  • Be lengthy:  Aim for at least 12-16 characters.
  • Use a mix of characters:  Include letters (both upper and lower case), numbers, and special characters.
  • Be unique:  Never re-use passwords across multiple accounts.
  • Have no recognisable patterns:  Avoid patterns on your keyboard such as QWERTY or 9IJB8UHV.
  • Not be common:  Never use options like password, password1, or Password!
  • Not have personal data:  Avoid using pet names, names of your firstborn, or dates of birth.

Hackers are becoming increasingly sophisticated, as seen in the table below, and weak passwords make it easy for them to gain access to your accounts and your sensitive information.  A strong, unique password for each account is your first line of defence.

How to check if your password has been compromised

With data breaches on the increase, it is an unfortunate possibility that your password may have already been compromised at some point.

There are various tools available that allow you to check whether your passwords are still safe, or if they have been exposed.  Here are three easy ways you can check:

Google Chrome Password Checkup Tool

If you are a Google Chrome user, the Password Checkup Tool is built into the browser and can help you identify compromised passwords.

Here’s how to use it:

  1. Open Google Chrome, and click on the three dots in the top right corner.
  2. Select Settings and go to Passwords & Autofill > Google Password Manager.
  3. Click Checkup on the left menu, under the Password Manager section.

Chrome will automatically scan your saved passwords and let you know if any have been compromised in known data breaches, plus it will helpfully identify re-used passwords and weak passwords that need your attention.

iPhone’s Password Manager

Apple’s built-in password manager is another great way to ensure your passwords are secure.  Here’s how to check:

  1. Open Settings, and scroll down to Passwords.
  2. Select Security Recommendations.

The next screen will display any compromised or weak passwords that need to be changed.  Apple also offers a built-in password generator that helps you to create strong, unique passwords for each of your accounts.

Microsoft Edge Password Monitor

Microsoft Edge has a Password Monitor feature that checks if your saved passwords have been compromised.  Here’s how you can use it:

  1. Open Microsoft Edge and click on the three dots in the upper right corner.
  2. Go to Settings > Profiles > Passwords.
  3. Under the Saved Passwords section, turn on Password Monitor.



Have I Been Pwned? Website

Another handy tool for checking compromised accounts is the Have I Been Pwned? website.  This free service lets you check if your email address or passwords have been part of a data breach.

All you need to do is visit the website, enter your email address, and hit Search.

The website will then display breaches where your data was exposed to the public, and which data was released.



MFA:  An extra line of defence

Even the strongest passwords can be compromised through a data breach, which is why enabling Two-Factor Authentication (2FA) or Multi-Factor Authentication (MFA) is so important.

2FA adds an extra layer of security by requiring something you know (your password) and something you have (a phone or authentication app) to log in.

Even if a hacker obtains your password, they can’t access your account without the second piece of information.

Most major platforms, including Google, Facebook, Microsoft and Xero, offer 2FA, and you should enable it wherever possible.

The value of a password manager

Making strong, unique passwords for every account can feel overwhelming, which is why a lot of people re-use the same password across multiple accounts or use weak passwords.

A password manager can help you to generate, store and manage complex passwords without needing to remember every single one.  Most password managers also integrate seamlessly with web browsers and mobile devices, making logging in easy.

Popular password managers include:

  • Bitwarden
  • Keeper
  • Enpass
  • LastPass
  • Dashlane
  • 1Password

Most of these services offer free versions, but there are also premium options with enhanced features such as secure password sharing, which is sometimes necessary in a business or corporate environment.

By following these tips and using available tools, you can keep your accounts secure and ensure that your passwords are protected from cybercriminals.  These activities and practices are also something that we highly recommend you run through with your team to ensure they have secure passwords, as breaches through their accounts can wreak havoc on your business.

Don’t wait for the worst to happen, take action today!

If you need help in this area, please don’t hesitate to contact us on (08) 87325 5000.

If you’d like to know more, please get in touch via our Contact page.
