Six months ago, 1.3 million registered users of Gawker Media had their passwords compromised when the site was hacked by Gnosis. The passwords were encrypted, but 188,279 of them were decoded and made publicly available for all to see. Just three weeks ago, Sony Pictures was hacked by LulzSec, with 1 million passwords taken and 40,000 made publicly available. Comparing the two data sets, Troy Hunt found 88 accounts on both sites that used the same email address, and of those accounts, 67% used the exact same password.
Reusing passwords is a common practice around the web that needs to be stopped. If one of the sites you're registered on gets hacked, your email address and password can be snatched. If you just happened to have been reusing your favorite password, then any other site you've used it on is now compromised. And it's not hard to find those other sites. How many of you have a Facebook account? How many use Gmail? Chase? eBay?
If you can't stop yourself from using the same password over and over again, but think you may have been compromised by a recent hack, you should check out Should I Change My Password? to see if you're safe or not. The website compares your email address to a number of hacked databases that have been released to the public, like Gawker and Sony, as well as MySpace, Fox, PBS, and more. No passwords are stored in the databases of Should I Change My Password?, only email addresses.
If your email address comes back as compromised, then it's time to change your passwords on all of the sites where you use the same email/password combo. If not, you may be safe for now, though you could have been hacked from another site where no records were made public. Either way, you should put an end to reusing passwords. Check out the video below from Mozilla for some help on choosing strong passwords. Also, check out this nifty password tester to see the strength of your password, and this tool to see how long it would take to crack it.
For those worried that ShouldIChangeMyPassword.com could be some email harvesting site, click here to see some of the reputable websites that have given it the okay, as well as the FAQ section.
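To make the two comparisons described above concrete (counting accounts that appear in two leaked data sets with the same password, and an email-only lookup of the kind Should I Change My Password? describes), here is an added Python example; it is not code from the article, from Troy Hunt, or from that site. The `email:password` dump format, the sample records, and all function names are assumptions constructed for illustration.

```python
# Constructed sample dumps in "email:password" form; not real breach data.
SITE_A = """\
alice@example.com:sunshine1
Bob@Example.com:hunter2
carol@example.com:qwerty
dave@example.com:letmein
malformed-line-without-separator
"""
SITE_B = """\
alice@example.com:sunshine1
bob@example.com:hunter2
carol@example.com:Tr0ub4dor&3
erin@example.com:pass:with:colons
"""


def parse_dump(text):
    """Return {lowercased_email: password}; skip lines that are not email:password."""
    records = {}
    for line in text.splitlines():
        # Split on the first colon only, so passwords may contain colons.
        email, sep, password = line.strip().partition(":")
        if not sep or "@" not in email:
            continue
        records[email.strip().lower()] = password
    return records


def reuse_stats(dump_a, dump_b):
    """Count addresses present in both dumps and how many reuse the same password."""
    a, b = parse_dump(dump_a), parse_dump(dump_b)
    shared = sorted(a.keys() & b.keys())
    reused = [e for e in shared if a[e] == b[e]]
    rate = len(reused) / len(shared) if shared else 0.0
    return {"shared": len(shared), "reused": len(reused), "rate": rate}


def build_email_index(named_dumps):
    """Email-only index: maps each address to breach names and keeps no passwords."""
    index = {}
    for name, text in named_dumps.items():
        for email in parse_dump(text):
            index.setdefault(email, set()).add(name)
    return index


def exposed_in(index, email):
    """List the breaches an address appears in (case-insensitive match)."""
    return sorted(index.get(email.strip().lower(), ()))
```

With the constructed data, three addresses appear in both dumps and two of them reuse the password, the same kind of ratio as the 67% figure quoted above.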
This looks like a great way to collect a whole bunch of emails... I wonder if they would be worth anything afterwards? hmmmmmmmmm
Very good information. I also use a password vault (my choice is Keypass) that allows you to easily use a strong password for everything you use (different ones, not one for all).
I hear LastPass is pretty good, too.
With everyone worried about password hacking, some entrepreneurs are taking advantage and charging subscription fees to automatically check your email address against these publicly available lists. One such site, HackNotifier, charges $9.99 a year. Not worth the investment, when you can just enter your email into Should I Change My Password? every once in a while, or manually check the hacks when they come out, which everyone can see… why pay when it's free?
One really should change on a regular basis, no matter what. I always change if I used an account from a different network or even a computer that isn't mine.