Pwned Passwords

Pwned Accounts


A pwned account is where a username and password you use with an online service has suffered a data breach.  We're not talking about your toepoke.co.uk account.

This isn't just the small guys either, it can happen in large organisations too.

Once a breach happens the username and password should be treated as in the public domain.  

If you are unfortunate enough to have been a victim of a breach you should stop using the password on that account immediately and change your credentials on any other services where you have used the exposed password.

Recommendations


The day where you could use the same password on multiple online services are long gone.  The only safe password is the one you can't remember!

We would recommend:
  1. Sign up with Troy Hunt's Have I Been Pwned website.  You can use this service to check if your accounts have been subject to a breach in the past.

    You can also sign-up for notifications about any breaches in the future.

  2. Start using a password manager like LastPass.com or 1Password.com.  Or read about my experience of using the free password manager KeePass.



Feedback and Knowledge Base