We have previously discussed how to fix and prevent a hacked email account. But how can you tell if your email account has already been compromised or is up ‘for sale’ amongst hacker groups – but has not actually been attacked yet?
The HaveIBeenPwned website offers a simple tool that lets you check whether an account has been compromised, i.e. whether your account details have been dumped online. No passwords are stored in their database, and the data you enter is not stored, re-used, or given to third parties.
They have a database of millions of accounts that they have found dumped in cyberspace: 70% are email addresses and the other 30% are usernames. The website is simple to use. Just visit HaveIBeenPwned and type in an email address (in lower case). Do NOT type any passwords.
Press the ‘pwned’ button to find out if your email address is amongst the millions of compromised accounts that they have collected – if it is then you will see the following warning: “Oh no – pwned!”
Your first reaction should be to immediately change any passwords that might be associated with this email account. It is probably a wise idea to go through all your accounts and create new passwords for each of them, just in case.
If your email address is not listed that is good news – but to ensure it isn’t compromised in future, now would be a good time to check that you are using strong passwords for all email and online accounts.
How To Create A Strong Password
Choosing a strong password makes it very difficult or impossible for someone to hijack your email account, even using advanced password cracking programs.
Tip: Strong passwords are important for email but they apply equally to all types of online transaction such as online banking and shopping. However, don’t use the same password on more than one website or email account because if one is hacked then effectively they all can be!
- The keys to password strength are length and complexity.
- An ideal password is long and has a mix of upper case (capitals) and lower case (small) letters, punctuation, symbols, and numbers. Whenever possible, use 14 characters or more.
- The greater the variety of characters in your password, the better. Use the entire keyboard, not just the letters and characters you use most often.
For example, 12345678 and jonathan are very weak passwords (only 8 characters, all of the same type, and a meaningful name), so they are very easy to guess using the right software. However, the password ?lACpAs56IKMs” is very strong because it has lower case and upper case letters, numbers, punctuation and symbols.
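As an added example (not part of the original article), this short Python script checks a set of passwords against the rules above: the 14-character minimum, the four character types, and reuse across accounts. The account names, the fourth password, and the rough "bits" estimate of guessing effort are assumptions made for illustration.

```python
import math
import string
from collections import defaultdict

MIN_LENGTH = 14  # minimum length recommended in the list above

# Character types named in the list above, each with its pool of characters.
CLASSES = {
    "lower case": string.ascii_lowercase,
    "upper case": string.ascii_uppercase,
    "numbers": string.digits,
    "punctuation/symbols": string.punctuation,
}


def audit_password(password):
    """Return (problems, bits) for a single password."""
    used = [name for name, chars in CLASSES.items()
            if any(c in chars for c in password)]
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    problems += [f"no {name}" for name in CLASSES if name not in used]
    pool = sum(len(CLASSES[name]) for name in used)
    # Upper bound on brute-force effort (pool ** length, in bits). Names and
    # dictionary words such as "jonathan" fall far sooner than this suggests.
    bits = len(password) * math.log2(pool) if pool else 0.0
    return problems, round(bits, 1)


def audit_accounts(accounts):
    """accounts maps account name -> password; also flags reused passwords."""
    owners = defaultdict(list)
    for account, password in accounts.items():
        owners[password].append(account)
    report = {}
    for account, password in accounts.items():
        problems, bits = audit_password(password)
        shared = sorted(a for a in owners[password] if a != account)
        if shared:
            problems.append("reused on " + ", ".join(shared))
        report[account] = (problems, bits)
    return report


if __name__ == "__main__":
    # Constructed sample data; the first two passwords are the weak examples above.
    sample = {"email": "12345678", "shop": "jonathan", "bank": "12345678",
              "forum": "Tq7#vLm2!xRe9&Zd"}
    for account, (problems, bits) in audit_accounts(sample).items():
        print(f"{account:6} ~{bits:5.1f} bits  {'; '.join(problems) or 'ok'}")
```
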