In January of this year, an estimated one billion user accounts were exposed by a massive data breach.
Dubbed “Collection #1”, it spanned 12,000 files and was 87 gigabytes in size. Security researcher Troy Hunt exposed Collection #1 when it appeared on a hacking forum.
Hunt collected this information for his philanthropic effort known as haveibeenpwned.com. Users can enter their email address and search to see if any of their online accounts have been involved in any well-known or wide-scale data breaches. The site places a strict emphasis on privacy. Everyday visitors to the site are not allowed unlimited access to Hunt’s entire database.
With sites requiring a log-in every day, it's nearly impossible to keep track of all your logins and passwords, let alone which sites you've signed up for and what passwords have been used. Consider using a password manager. (Lastpass, Dashlane and PassPortal are all viable options)
With that in mind, this month Google has come out with a new extension engineered to give you a little more peace of mind when inputting those login credentials called Password Checkup.
“Password Checkup” is designed to alert you on specific sites if your password has been involved in a breach. It’s a handy extension that, used along with haveibeenpwned.com or other sites like it, should take some of the guesswork out of which of your accounts may have been compromised.
Here’s how to install it:
1. Look up the Chrome Web Store on your favorite search engine.
2. Click on the Chrome Web Store – Extensions link
3. Type “Password Checkup” in the search window and hit “Enter”.
4. Find the extension that matches the one above and click the “Add to Chrome” button.
5. Select the “Add extension” option in the lower right-hand corner of the window.
6. You should have the above dialogue box and a new icon in your toolbar!
Once added, if you visit a site that the extension detects a breach involving your credentials, the shield icon will turn red and notify you. At this point you probably need to change your password for this site. Or you can always turn off notifications on individual sites using the “Ignore” button.
Disclaimer: As we have seen so often in cybersecurity, there is no quick fix or sure thing. Please remember to always rotate your passwords frequently and don’t use the same password for all your logins.
If you have questions about passwords or any other aspect of small business cybersecurity, please free to contact Sagiss today, and we'll be happy to help.