Time to change your passwords yet again. But this time, you’ll really need to do some research.
If you go to Have I Been Pwned, you can now search up to 306 million passwords that have been mined from data breaches. Previously, you could only search the site for an email address that had been compromised (you can’t match the emails and passwords, obviously).
In a blog post, HIBP founder Troy Hunt explains why using a password that has previously appeared in a data breach is a bad idea and urges organizations to block subscribers from doing so (he also advises against dictionary words, repetitive and sequential characters, context-specific words and reusing passwords).
Being able to test these breached passwords is important.
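The check Hunt urges organizations to run, as an added example that is not code from HIBP or the original article: it hashes a candidate password with SHA-1, compares only the hash suffix against a small constructed table (stand-in for the real list, laid out in the prefix/suffix shape of HIBP's range lookup, which is an assumption about the live service), and then applies the other rules the article lists. The sample passwords, counts and `context_words` are all constructed for the demo.

```python
import hashlib
import re

# Constructed sample of breached passwords standing in for the real list, which
# HIBP distributes as SHA-1 hashes rather than plaintext (values chosen for the demo).
_SAMPLE_BREACHED = ["password", "123456", "qwerty", "letmein", "passw0rd"]

# Constructed table in the "PREFIX -> [SUFFIX:COUNT, ...]" shape of HIBP's
# k-anonymity range lookup (an assumption about the live service; counts made up).
RANGE_TABLE = {}
for _pw in _SAMPLE_BREACHED:
    _h = hashlib.sha1(_pw.encode("utf-8")).hexdigest().upper()
    RANGE_TABLE.setdefault(_h[:5], []).append(f"{_h[5:]}:{1 + len(_pw)}")


def breach_count(password, range_table=RANGE_TABLE):
    """Times the password appears in the table, or 0. Only the 5-char hash prefix
    is looked up; the suffix match happens locally, so a remote service would never
    see the full hash, let alone the password."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    prefix, suffix = digest[:5], digest[5:]
    for line in range_table.get(prefix, []):
        candidate, _, count = line.partition(":")
        if candidate == suffix:
            return int(count)
    return 0


def has_sequential_run(s, n=4):
    """True if s contains n consecutive ascending or descending characters."""
    s = s.lower()
    return any(
        all(ord(s[i + j + 1]) - ord(s[i + j]) == step for j in range(n - 1))
        for step in (1, -1)
        for i in range(len(s) - n + 1)
    )


def rejection_reason(password, context_words=(), min_len=8):
    """Apply the rules the article lists: breached, context-specific word,
    repetitive or sequential characters. Returns None when none apply."""
    count = breach_count(password)
    if count:
        return f"seen in breaches {count} times"
    if len(password) < min_len:
        return "too short"
    if any(w.lower() in password.lower() for w in context_words):
        return "contains context-specific word"
    if re.search(r"(.)\1{2,}", password):  # same character three or more times in a row
        return "repetitive characters"
    if has_sequential_run(password):
        return "sequential characters"
    return None
```

In this constructed table "notapassword" is absent, so it passes the breach check just as the article reports it did on the live site; a real deployment would use the full hash list or the live lookup instead.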
“I'm envisaging more tech-savvy people using this service to demonstrate a point to friends, relatives and co-workers: ‘You see, this password has been breached before, don't use it!’” Hunt notes. “If there's one thing I've learned over the years of running this service, it's that nothing hits home like seeing your own data pwned.”
We say: Stick with passphrases, use password managers that haven’t been cracked yet (we like Dashlane) and, well, don’t repeat yourself. And remember, even though “notapassword” survived the Pwned Passwords test, it’s now useless.