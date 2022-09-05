Passwords are not 100 percent safe, and there's always a risk of them leaking through direct attacks on your accounts or large-scale compromises of online services that store user data. That's why users are highly advised to take advantage of password managers and two-factor authentication apps.

But with data breaches occurring every now and then and nefarious entities capitalizing on them to sell compromised login data across dark web markets, it doesn't hurt to check if any of your passwords have been stolen. And this article will tell you exactly how to do that.

Head over to Have I Been Pwned

Have I Been Pwned is a trustworthy site created in 2013 by Troy Hunt, a Microsoft regional director and MVP. He is popular in the cybersecurity world for uncovering data breaches and educating technology professionals. And with details of almost 11 billion compromised accounts, his tool is the most popular way to find out if your password is still safe.

Using the service is easy. Visit the official Have I Been Pwned website on your favorite smartphone or PC browser and enter your email address or phone number (with the country code). Within seconds, it returns the details of any data breaches where your credentials were compromised.

Have I Been Pwned has a few other nifty tools for ensuring your credentials are secure. For example, the password checker allows users to reverse engineer the process and directly input their passwords to check if they've been compromised. Also, domain owners can check the safety of all emails associated with their domain name with a single click using the Domain search service.

Overall, the tool itself is safe to use. Even for compromised accounts, the corresponding passwords are not stored in the database, reducing the risk of further compromise. Plus, the implementation of a mathematical property called k-anonymity and the help of Cloudflare means that all your inputs into the tool are secure.

Use the built-in checker tool in password managers

Password managers are the best way to secure your online accounts for many reasons. They suggest and store security codes in encrypted databases, ensuring you don't have to repeat or remember a code. But many good password managers also allow you to check the status of your codes—safe or compromised.

Google's Password Manager, for example, has a password checkup feature to diagnose issues with your passwords. Go to Chrome Settings > Privacy and security > Password Manager > Check passwords. Another option is Dashlane, which provides dark web and password health monitoring.

A notable password manager is 1Password, which automatically runs background checks on your passwords and warns you of any compromise. This is due to the built-in Watchtower feature, which runs on Pwned Passwords' API. Like Pwned Passwords, it's updated when a new security breach is reported and added to the Have I Been Pwned database. And if any of your passwords are found in such a breach, you're alerted immediately.

Inspect your accounts for suspicious activities

Password managers and tools like Have I Been Pwned are good for catching account breaches before they escalate. However, most social accounts regularly send activity information that may help uncover potential compromises. Google, for example, alerts you for a password change or when an unknown device signs into your account. Always review such emails and take appropriate action where necessary.

Google Chrome has a lot of security and privacy features. If you use it as your default browser, pay attention to pop-ups when you enter your passwords online. That's because the app can tap into a database of billions of reported breaches to warn you of a compromise as soon as you start logging into a site.

Secure Your accounts and passwords

The methods covered in this post are great for checking the security of your passwords, but they're not foolproof—they don't account for all variables. That's because they rely on existing databases of known and validated breach records. This leaves them blind to compromises that have not been reported. Interestingly, delays between when a breach occurs and when it enters the database also leave them blindsided.

It, therefore, follows that you should take as much precaution as possible to minimize the chances of your account credentials leaking online. One way is to use one of the best password managers.