Auto Homeowners Umbrella Earthquake Commercial

Password breaches have become commonplace. Here's how to check the statuspassword hacked
of your passwords and, more important, keep your identity safe.

As if the recent ransomware scares weren't enough to keep you up at night, password breaches continue to make news. 

Back in May, for example, security research center MacKeeper reported that a massive database of stolen passwords had surfaced online. And while it was composed largely of passwords from a variety of sources, many of them years old, its newfound accessibility -- and conglomeration into a single collection -- is cause for concern.

It's also cause for action. Although "online safety" feels increasingly like an oxymoron these days, there are still steps you can take to protect yourself when breaches like this occur. It all starts with getting rid of those overly used, poorly designed passwords you know are terrible but you use anyway. 

Improve your passwords

The most secure password in the world is useless if a hacker steals it, but it becomes much less useful if it's not the same password you use for every single log-in.

In other words, it's essential that you employ a different password everywhere you conduct online affairs. And the only effective way to do that is with a password manager, which can generate and manage unique, robust passwords for all your sites and services.

Of course, even password managers aren't infallible, as LastPass users discovered recently. That's why you should change passwords regularly -- a potentially daunting task unless your password manager can perform it automatically. Dashlane and LastPass are among the handful that offer this handy feature.

Find out if you're compromised

The aforementioned database contains some 560 million passwords. Want to know if yours are in there somewhere? Head to Have I Been Pwned, which checks to see if your email address appears in any database that's been compromised.

If it does, don't panic: Remember that many of the sources in that database are years old. For example, one of my email addresses was indeed "pwned," but it was in the Dropbox breach of 2012 -- and I've long since changed my password there.

Of course, it certainly wouldn't hurt to change the password on any site(s) detected here. (Pro tip: Click Notify me when I get pwned so you can be informed if and when your email appears in the next breach.)

This site recently added another tool to help keep you safe: a search engine based on a database of over 300 million compromised passwords. So, rather than searching for your email address or username, you can search for a password. Of course, security expert Troy Hunt, who operates the Pwned site, advises against using his tool (or any other) to check passwords you're actively using. Rather, this is way to vet any new password you might want to employ, as you can see if it's already been compromised.

Enable two-step verification

Short of a fingerprint reader, two-step verification (aka two-step authorization) may be the single best way to protect online accounts. Most commonly, the second of the two steps (the first being entering your password) involves entering a code delivered on-demand to your phone. Even if a hacker has your password, he doesn't have your phone, and therefore shouldn't be able to bypass that second step.

Of course, this requires you to have your phone close at hand and able to receive text messages (or, if you use an authorization app instead, data connectivity). It's also an extra hassle.

Want to learn more? Read Matt Elliott's Two factor-authentication: How and why to use it. Then move onto Matt's more recent update, in which he advises against using SMS for this. (A much safer bet: "An authentication app such as Google Authenticator, Microsoft Authenticator or Authy.")

Delete old accounts

Remember AOL? Perhaps you had an account at one time, but haven't touched it in months or even years. If it's still active, and a hacker manages to break in, that still puts you at considerable risk. You might have all kinds of personal information stored there, to say nothing of photos and other media that should be kept private.

Thus, take some time to delete old, unused accounts. This is another way a password manager comes in handy: When it first imports all your passwords, you can see a full list of every account you have. Then it's a matter of working your way through them and determining which ones you want to deactivate.

Alas, you'll have to manually visit each site in turn and figure out how to actually delete your account. For help, turn to, which provides direct links to the cancellation pages of hundreds of services.

This article originally published on

By Rick Broida

Share |

No Comments

Post a Comment
Required (Not Displayed)

All comments are moderated and stripped of HTML.
Submission Validation
Change the CAPTCHA codeSpeak the CAPTCHA code
Enter the Validation Code from above.
NOTICE: This blog and website are made available by the publisher for educational and informational purposes only. It is not be used as a substitute for competent insurance, legal, or tax advice from a licensed professional in your state. By using this blog site you understand that there is no broker client relationship between you and the blog and website publisher.
Blog Archive

View Mobile Version

Get a Quote

Refer a Friend Leave A Review
                                      R.L. Thomas Service, Inc.

21021Ventura Blvd., 215                        9655 Granite Ridge Road, 200 
Woodland Hills, CA  91364                    San Diego, CA 92123  
Phone (818) 380-1700                             Phone (858) 737-6335
Fax (818) 906-0667                                  Fax (858) 726-2693

                                            License#: 0601754
Powered by Insurance Website Builder