Have you ever wondered, why setting your password on certain portals have specifications, such as a numeral, special character or the capital letter? Yes, because the company does not want your credentials to be compromised. “Have I been pwned” is a place for you then, where you can check the strength of your password.
In a bid to further secure your password, you may change the password regularly. However, this HIBP (Have I been Pwned?) lets you check the vulnerability of your set password with just a single go.
There have been plenty of data breach cases where a large amount of personal information including passwords, usernames, and email addresses have been compromised. Troy Hunt, the mastermind behind HIBP, has revealed over 320 million passwords in his blog to help the companies secure their online network.
These passwords have been aggregated from several data breaches that happened over time, and are now available to everyone on HIBP website, Gadgets 360 mentions in an article.
Hunt has taken a step further and created the inverse of the concept this time, in an effort to intimate Internet users and companies about passwords that can be easily hacked.
How to check if your credentials are compromised:
To check if your credentials are vulnerable, then go to Hunt’s site — Have I Been Pwned. Here, you can type in your email and find out if your email and password are safe or not.
You may have changed your password at the time of a given breach, but the website doesn’t tell you specifics on which hack released your password. And let’s be real: You may not remember either. If this is your first time on the site and you get the dreaded “Oh no — pwned!” message, then it’s best to take a screenshot of the result and change your password immediately.
“The point of the web-based service is so that people who have been guilty of using sloppy passwords have a means of independent verification that it’s not one they should no longer be using,” Hunt notes in his blog.
This idea of Hunt has been asserted positively by institutions like National Institute of Standards and Technology (NIST) and the UK’s National Cyber Security Centre, which agrees that compromised passwords should not be brought into use again by any user.