Keeping up with the breaches

Keeping up with the breaches

We’ve talked a lot about passwords this week! You’ve installed a password manager and learned how to make and secure passwords with two easy tips. We’re not quite done with passwords, though. Today’s the last day, I promise.

You’ve set up your secure, long, unique passwords and stored them in your password manager. But websites still get attacked and passwords get leaked. Your other accounts are safe – but you still need to know to change your password on the affected sites.

How do you keep up? If you’re not watching for news about every leak (and really, who has the time for that) there’s an easy way to keep track.

If you’re curious, “pwned” is leetspeak for “owned” as in conquored/defeated. It comes from gaming, and originated because the o and p keys are next to each other on the keyboard, making for an easy typo.

Open up a website called Have I Been Pwned and click Notify Me at the top. Enter your email and click the Notify me of pwnage button.

Screenshot of the Notify Me page on HaveIBeenPwned.com

Check your inbox for a confirmation email. Click “Verify my email” in that email.

Just to confirm that you're a real person behind a real email address, click on the link below then you'll be automatically subscribed to new breach notifications where this email address has been pwned.

Button: Verify my email

That Verify link will bring you to a page showing all the known breaches your email address has been found in. These are places that have been attacked, had passwords leaked, and where the owner of HaveIBeenPwned has either found or been given a copy.

Verification complete
All done, you'll be sent an email if this address gets pwned in the future, below is your existing exposure

Good news – no pwnage found! No breached accounts and no pastes.

In my example, this is a brand new email and I don’t have any accounts that have been impacted! But that probably won’t be the case for you. It’s not that you’ve done anything wrong, of course. It’s the nature of being online these days – security breaches happen.

I’ve been Pwned! Now what?

Yesterday, I said “If you’re using strong and unique passwords, the only time you need to change them is when someone else gets hold of your password.” And this is where the second part of that comes in.

First, don’t freak out. It won’t help you. For each of the accounts in the list that HaveIBeenPwned gives you, sign in and change your password. Remember to make it both strong and unique!

Whenever the site finds your info in a new breach, you’ll get an automatic email.

HaveIBeenPwned won’t catch every breach. Watch Tech For The People on Twitter, and check your email for notifications for news from services you use.