Are Your Passwords Online for Everyone to See? They Just Might Be
You may not be aware, but the bad guys have been stealing our passwords for years. This data has been floating around the ‘dark web’ for ages, but has only recently made it onto the public web. On the dark web, your passwords were quite hard to come by. On the public web, your passwords are there for the world to see. This has important implications, because if you haven’t changed your passwords in a while, then one or more of your current passwords may be available online. And if you are in the habit of re-using passwords, then your digital skeleton key may be a quick search away.
You can check to see if you are exposed by searching with your name and email addresses (old and new) here: www.leakedsource.com.
Note that you’ll need to spend $2 to see which of your passwords are in the system. For the record, I am in no way affiliated with www.leakedsource.com.
Update: The cash-for-hacked-passwords website LeakedSource.Com disappeared last year. And now its operator has been charged with (amongst other things) 'trafficking in identity information'. I did not know that was a thing. The charges were brought in Canada.
Unfortunately, this doesn't mean we can stop worrying about password security. As one of these sites disappears, another one pops up to take its place. The replacement website is offering 4.7 billion sets of our credentials for sale for as little as $2. Not surprisingly, payment methods include multiple cryptocurrencies - Bitcoin, Bitcoin Cash, Ethereum, Litecoin, Dash & Ripple.
At this point, you may decide that a different approach to passwords is required going forward. That’s certainly my view. And that's why I’ve written a short book to help us all get better at securing our password-protected systems. You can download a version of the (PDF) book for free from the online store.
I can’t emphasise enough how vulnerable some of us may now be given the broad availability of this personal data. A random review of a couple of dozen email addresses has revealed:
A lot of people I know are in the database
About 30% have one or more passwords in there
Lots of passwords are old, but millions are quite recent with new data added every month
Telephone number searches can throw up lots of personal data (home address, home phone, email, date of birth)
When you’re ready to shore up your accounts, the book will walk you through the process. As well as a plain-speaking explanation of the dangers of guessable (and easily findable) passwords, it also includes a simple, people-friendly password generator which ensures that:
Your passwords aren’t known to anyone or any system (including the cloud)
Everyone can have unique, strong and easily accessible passwords - not just the tech-savvy
You can also use this system to make your password-change-day at work less of a pain. Here’s the video.
Please take a moment to share this information with friends and family. You don’t want them to be the last ones to find out. And please don’t shoot the messenger. This data is out there and it is (IMHO) better that you are aware of the threat sooner rather than later.