如果您的密码长度为 32 个字符、字母数字,并且需要数 quintillion 年才能破解,这并不重要——这并不安全。事实上,任何接触互联网的东西都是不安全的!
这是因为密码安全性不仅取决于创建密码的用户,还取决于存储密码的服务器。要让网站验证您的登录凭据,您的密码必须存储在其数据库中。这意味着如果服务器处理不当或被黑客入侵,你就要付出代价。
随着我们进入一个开始考虑替代传统密码的互联网,监控密码转储的网站变得越来越流行。
最不幸的是,这些转储通常是由于网站被黑客入侵,而不是用户,这对我们这些遭受后果的人来说是非常不公平的。
我们无法(s nothing)改变数据库易受攻击以及我们的数据不是神圣的这一事实,因此我们必须学会做下一件最好的事情:不断监控我们的密码是否泄露到Internet 上(Internet)。
在本文中,让我们回顾一些最好的网站,以帮助您监控您的密码是否已在线泄露。
我有没有被骗过
首先,让我们谈谈名字。“pwn”这个词是一种源自“own”的 leetpeak 形式,这是人们在互联网文化中经常使用的一个术语——通常是游戏玩家——用来描述(gamers—to describe)以某种方式击败某人。
要使用Have I Been Pwned,只需输入您的电子邮件地址(email address)并点击pwned?按钮。
你要么(幸运地)被告知你的密码是安全的,要么你会看到有多少被破坏的网站和粘贴了你的密码。
Have I Been Pwned然后会向您显示所有网站的列表,并将您的密码粘贴到上面。
Have I Been Pwned还包括他们网站的一个名为“Pwned Passwords”的部分,您可以通过密码进行搜索,而不是通过电子邮件进行搜索。这将让您知道该密码是否已经在Internet上的转储中四处流传。
Have I Been Pwned通常被视为密码监控(password monitoring)的黄金标准,我们建议您先检查一下。
信用业力
Credit Karma以监控您的信用的领先服务而闻名,但您是否知道他们也有很棒的数据监控功能——包括密码泄露?
Credit Karma超越了所有其他密码监控(password monitoring)网站,甚至向您展示了在列出的每个网站上泄露的密码的审查版本。您所要做的就是登录,转到他们的身份监控(Identity Monitoring)(Identity Monitoring)页面( page),然后单击数据泄露监控(Data Breach Monitoring)表下的查看详细信息。(View details)
唯一的缺点是您必须创建一个Credit Karma 帐户(Credit Karma account)才能看到这些结果。然而,这真的是一件坏事吗?这些其他密码转储(password dump)监视器允许您搜索任何电子邮件地址(email address)是不是有点粗略?这可能会导致一些邪恶的活动。
如果您已经有Credit Karma 帐户(Credit Karma account),请使用此帐户。这是在Internet(Internet)上跟踪您的密码的最未被开发的方法之一。利用(Take advantage)它,您将确切知道要取消哪些密码。
去哈希
DeHashed是对普通密码转储监视器(password dump monitor)的一个有趣的旋转,它不仅允许您通过电子邮件进行搜索,还允许您通过用户名、地址等进行搜索。之后,单击“搜索”(Search)按钮以查看您的结果。
搜索时,DeHashed会显示您的密码被泄露的站点。但是,如果不注册和支付,您将无法查看转储或查看特定密码。
尽管如此(Nonetheless),仅仅看到结果就可以提供很多信息来保护自己。
DeHashed是一个可靠的最终选择,它可以帮助您找到 Have I Been Pwned 和 Credit Karma(Been Pwned and Credit Karma)无法获取的泄露密码。尽管与其他两个相比,它的功能有点(bit bare)简陋(DeHashed),但看看DeHashed(t hurt)提供的功能并没有什么坏处。它可能会保存您的一些密码。
就在上个月,Collection #1 凭证转储发布了超过 27 亿条记录。每周,这种情况都会以较小的规模发生。知道我们无法阻止这种情况的发生是一种无能为力的感觉(powerless feeling),但我们必须随时了解情况并准备好在它发生时采取行动。为您注册的每个站点创建一个强密码也有帮助。
使用Have I Been Pwned、Credit Karma和
DeHashed,每月检查您的电子邮件和密码。一旦泄漏,您将能够立即跳上,并且您可能会对您的发现感到惊讶!
How to Know If Your Password Has Leaked Online
It doesn’t matter if your password is 32
characters long, alphanumeric, and would take several quintillion yеars to
crack—it’s not secure. As а matter of fact, anything that touches the Internet
isn’t seсure!
This is because password security does not only
come at the discretion of the user who has created it but also the server that
it’s being stored on. For a website to verify your login credentials, your
password must be stored in their database. That means that if the server
mishandles it or gets hacked, you pay the price.
As we move into an internet where we’ve started pondering replacements for traditional passwords, websites that monitor for password dumps have become increasingly popular.
The most unfortunate part is that these dumps are often due to websites being hacked, not users, which feels incredibly unfair for those of us suffering the consequences.
There’s nothing that we can do to change the
fact that databases are susceptible to breaches and that our data isn’t sacred,
so we must learn to do the next best thing: constantly monitor for our
passwords being leaked to the Internet.
In this article, let’s go over a few of the
best websites to help you monitor if your passwords have been leaked online.
Have I Been Pwned
First, let’s talk about the name. The word
“pwn” is a form of leetspeak derived from “own,” a term people often used in
internet culture—usually by gamers—to describe defeating someone in some way.
To use Have I Been Pwned, simply type in your email address and hit the pwned? Button.
You’ll either (luckily) be told that your
passwords are safe or you’ll see how many breached sites and pastes your
passwords have been found on.
Have I Been Pwned will then show you a list of
all of the websites and pastes your passwords have been found on.
Have I Been Pwned also includes a section of
their site called “Pwned Passwords” where, rather than by email, you can search
by password. This will let you know if that password is already floating around
in dumps across the Internet.
Have I Been Pwned is generally viewed as the
gold standard in password monitoring, and we recommend that you check it out
first.
Credit Karma
Credit Karma has a reputation as the leading service to monitor your credit, but did you know that they have awesome data monitoring features, too—including password breaches?
Credit Karma goes above and beyond all other password monitoring sites, even showing you a censored version of the password leaked on each site listed. All you have to do is log in, go to their Identity Monitoring page, and click View details under the Data Breach Monitoring table.
The only downside is that you do have to
create a Credit Karma account to see these results. However, is that really a
bad thing? Isn’t it a little sketchy that these other password dump monitors
allow you to search for any email address? This could lead to some nefarious
activity.
If you already have a Credit Karma account,
make use of this. It’s one of the most untapped ways of tracking your passwords
on the Internet. Take advantage of it and you’ll know exactly which of your
passwords to do away with.
DeHashed
DeHashed is an interesting spin on the average password dump monitor, allowing you to not only search by email but also by username, address, and more. After, click the Search button to see your results.
When searching, DeHashed will display the
sites where your password has been leaked. However, you won’t be able to view
the dump or see the specific password without registering and paying.
Nonetheless, just seeing the results offers a lot of information that you can
use to protect yourself.
DeHashed is a solid final choice that may help
you find leaked passwords that Have I Been Pwned and Credit Karma weren’t able
to pick up on. Although it’s a bit bare on features compared to the other two,
it doesn’t hurt to see what DeHashed has to offer. It may save a few of your
passwords.
Just last month, the Collection #1 credentials dump released with over 2.7 billion records. Every week, this is happening on a smaller scale. It’s a powerless feeling to know that we can’t stop this from happening, but we have to stay informed and ready to take action when it does. Creating a strong password for each site you sign up for helps, too.
With Have I Been Pwned, Credit Karma, and
DeHashed, check your emails and passwords on a monthly basis. You’ll be able to
jump on leaks as soon as they pop up, and you might be surprised at what you
find!