Presume Your Passwords Are Known – Update

Set aside a few hours this coming weekend to renew all your passwords...but start with the ones that are already broken and known in the DarkUniverse. And how do you know which those are? Have You Been Pawned Site Logo

Check this site: have i been pwned?

Put in a username or email (as username) that you use. It will tell you in Green that no pwnage has been found. Or, in Red, that there are X number of breeches and Y number of times that it was found in the glossaries of the dark web.

It isn't obvious that there is more explicate information than just these 2 piece of overview data. Roll down a bit and you'll find good information about where to go next. Where to go next is the sites like LinkedIn and Adobe and others which have been broken into. Disqus is another likely one. 

But, guess what. Perhaps it is time to go through and change everything...because as good as the pwned database is, they haven't yet filled it with two other data breaches that are larger than imaginable. We may as well imagine that everything is breached and start again with a fresh approach. 

 Update: Chrome, the browser from Google, has a new extension that will tell you if you have just used a password that is on their list of breached passwords. ...in real time~! ...built into Chrome~! See the Wired article: A NEW GOOGLE CHROME EXTENSION WILL DETECT YOUR UNSAFE PASSWORDSA NEW GOOGLE CHROME EXTENSION WILL DETECT YOUR UNSAFE PASSWORDS