Passwords: How to find out if your login details have been hacked

display

“No access for unauthorized persons”: If only hackers would just stick to it.

But they don't.

If they get their hands on access data for Internet services, they either use them or sell them - often to the detriment of the victims.

Identity theft victims often have to answer all at once for orders placed by strangers on their behalf.

But the damage is by no means always of a financial nature.

If strangers have access to private data or photos stored on an online storage service, it can be extremely stressful.

In order not to be caught so cold if the worst comes to the worst, users should regularly check whether log-in data for one or more of their accounts is already haunted through the network.

This is possible with the simple query of databases, in which security researchers enter compromised access data after hacker attacks or data leaks.

New "Leak Checker"

display

A completely new offer is the “Leak Checker” from the University of Bonn.

As usual with the leak databases, you enter the e-mail address or the e-mail addresses that you use as a user name for Internet accounts and services on the respective website.

Notification will then be sent by email as to whether and which accounts are affected by a password theft - including a fragment of the respective password.

It does not hurt to query several databases at regular intervals.

After all, some security researchers may have data sets that others don't and vice versa.

The “Pwned” database query by IT security researcher Troy Hunt has been around for a long time.

Mozilla's leak query service "Firefox Monitor" also uses Hunt's "Pwned" database, works almost identically, but differs in one practical detail: Because the result of the query is only valid for the moment, you can access the monitor Register the site with an email address and you will be informed immediately if your own identity data should appear on the web.

Also phone numbers or dates of birth

display

The Potsdam Hasso Plattner Institute (HPI) is also already there with a query option called “Identity Leak Checker”.

Here, too, email addresses must be given.

A database comparison is then used to check whether the e-mail address was disclosed in connection with other personal data such as telephone number, date of birth or address on the Internet and could be misused.

If there is a hit with one of the services, the burnt password should be changed and no longer used - unless you already know the leak or it was discovered a long time ago and you are sure that the password has long since been changed anyway to have.

The fact that a password is not in any of the databases does not necessarily mean that it is fundamentally secure.

Detailed information on creating strong, secure passwords can be found at the Federal Office for Information Security (BSI).

The agency also recommends activating two-factor authentication (2FA) wherever it is offered.

Use password manager

display

Since hackers are very likely to try stolen login data for a service on several other popular sites, the following also applies: Passwords should not only be strong, but also individual for each individual purpose - also and especially where no 2FA protection is offered becomes.

As an aid to memorizing various strong passwords, the BSI recommends memorandum phrases and, above all, password managers.

A well-secured e-mail account is particularly important because it often represents a kind of master key for many other services that send links to reset the password by e-mail.

Are you also affected by the data leak?

A huge data set of stolen login information has surfaced on the internet.

Now users should check whether their data has also reached the network and can be found there more or less freely.

Source: WELT / Kevin Knauer