E-mail accounts are a pretty serious single point of failure, more so than I think most people ever consider. Recovery accounts and 2-factor authentication help (if you have them set up), but there is a new option that a lot of people won’t know about: email address aliases.
Troy Hunt has updated the haveibeenpwned list of pwned passwords, which now contains a staggering 501 million compromised passwords (as SHA1 hashes). It now also includes a count of how many times each password has been found, so you can see just how poor your password choices are!
Have you been pwned? Troy Hunt, a security researcher at Microsoft, has set up a great project called “haveibeenpwned” so you can find out. You can use the website to search for an e-mail address and see if it has been included in past data breaches. You can also sign up to be notified of future breaches. If your e-mail has been found, it will tell you what data has been leaked, such as poorly hashed passwords. My results (for my generic sign-up email) are below. The Adobe and LastFM password leaks are a serious concern since MD5 is no longer considered a secure hashing algorithm. Oops.