Web Security

Check your email address and password

This week we experienced a really clever scam email which had in it an email address of ours and also a password linked to that email address. Luckily, we knew that the password hadn’t been used for years and wasn’t currently in use. Also, the email address had been redundant for a number of years. It still made us scratch our heads for a bit and think about web security.

So, where did this information come from and how could we check all our other employees’ accounts to make sure they were not breached as well? This led us to do some research online, and what we found was really interesting. Please just spend a few minutes and do the below, as it could save you from being hacked or your identity stolen.

1. Check your email address to see if it appears on criminal lists

There is a website called  https://haveibeenpwned.com

In this site, you can enter your email address and it will tell you if it appears on known lists that are circulating with criminals. It will then also tell you which lists it found your email address in. As an example, the email address causing us the problems appeared in six different lists including leaked data from Dropbox, LinkedIn, Myspace and three other created lists.

There is no charge for this service and it might just help keep you safe.

2. Check your passwords to see if they appear on criminal lists

Again, this is an interesting one. How many people use the same password for everything? Hopefully, we’re learning not to do that, but on this website, you can enter your password (not together with your email address obviously) and it will tell you how many of these criminal lists your password appears on. Now, this will depend on your password. As an example, if you were to use the password “manchester1”, this appears in 9031 lists! This number of list entries would indicate you are not the only person using this password. If your password was something like “longstairs” this only appears on two lists, so it might be fair to say you are the only person using this password and as such it is breached.

Go and check your password at https://haveibeenpwned.com/Passwords

No, there is no guarantee that even if your email address or password do not appear on this website there could still be lists circulating that this website has not been able to get hold of, but it’s a start, and it also makes us think about our web security and how we manage passwords.

Next week, we will have an article on here about password management and how not to let this take over your life. Imagine having a different password for every account!