Step four
Further checks
This page offers you further useful guidance and resources that could help you either now or in the future. It recommends some third-party websites and services that are established, free and reputable, although please note we are not responsible for the content of third-party sites.
If you have performed all the urgent actions in steps 1-3, then you can safely skip this section or come back to it at a later date or find out more about who we are.
See where your credentials have been circulated on the internet
This offers multiple services such as a password checker and incident checker. It is maintained by Troy Hunt, a Microsoft Regional Director, and collects data that comes from a large number of "breaches" and that has been leaked onto the internet. Here, you can enter your email address to discover how many times it has appeared in known breaches, with source details of each one. This might help you to identify from where your credentials were leaked.
Did you
know
At the time of writing, the site contained data from 742 hacked websites that included over 12.9 billion credentials
Note that if your email address returns no results then it’s because this website is as yet unaware of the source of the breach that we have contacted you about - unfortunately it does not mean that you have not been affected.
Additionally, by selecting the ‘password’ menu option, you can check whether a password that you’ve used or have chosen matches their database. The site explains how frequently that password has been discovered in use. If it is in their list, then you might want to consider using a different password. If the password that you want to use is unknown to them (i.e. it has not been found via a known data breach), then it will be naturally more secure.
Check the quality of your passwords
The antivirus company Kaspersky offers a playful, yet realistic, method to check the quality of a password. You can enter a password (we suggest similar but not the same as the password that you want to use.) It will give you immediate feedback regarding how long it will take a cyber-criminal to crack it.
A few examples:
PASSWORD | TIME TO CRACK
------------------------------------------
password | 1 second
Password | 1 second
P@55w0rd | 1 second
Tiavdp! | 2 days
("This is a very difficult password!")
From our given examples:
PASSWORD | TIME TO CRACK
------------------------------------------
WIbbi98f91? | 33 days
WIbbi98f91?WIbbi98f91? | 66 days
Ibmfci5002wIw91yo! | 10000+ centuries
(The WINNER)
Other sites that may help you:
Cybernews.com is a research-driven online publication dedicated to guiding individuals safely through the complexities of the digital world. One of the key features on their website is a service similar to 'Have I Been Pwned?', which offers a database of leaked credentials. This tool allows users to check whether their credentials have been compromised. However, it's important to note that the service does not specify the exact data that has been leaked. Currently, their database encompasses information from 28,210 breached websites, totaling over 15.5 billion compromised credentials. The provided link directs users straight to their data leak checking tool.
Credit Karma has a reputation as the leading service to monitor your credit. They also provide data monitoring features, including those that cover password breaches.
DeHashed allows you to search for leaked credentials: not solely by email, but by username, address, and more.