December 3, 2023

On the impact of burning passwords


Safe or not: on the trail of burnt passwords

The keys must not fall into the wrong hands: Anyone who discovers that one of their passwords has been compromised should act as quickly as possible. Photo: Patrick Balloll / dpa-Zentralbild / dpa-tmn


»The Potsdam Institute Hasso Plattner is included Those affected by identity theft often have to answer for orders placed by strangers in their name. But the damage is not always financial. If strangers gain access to private data or images stored on an online storage service, that can be very troublesome.

To avoid being paralysed when the worst happens, users should regularly check whether the logins for one or more of their accounts are circulating on the internet. This can be done with a simple query of databases into which security researchers enter access data that was compromised in a hacker attack or data leak.

New “leak checker”

A brand new offering is the "Leak Checker" from the University of Bonn. As is usual with leak databases, you enter on the website in question the email address or addresses that you use as a username for internet accounts and services. You then receive an email notification stating whether the accounts are affected by password theft and which ones, including part of the password involved.


It doesn't hurt to query multiple databases at regular intervals. After all, some security researchers might have datasets that others don't, and vice versa. One example is the "Pwned" database query by IT security researcher Troy Hunt.

Mozilla's leak query service, Firefox Monitor, uses Hunt's "Pwned" database and works almost identically, but differs in a practical detail: since a query result is only a snapshot of the moment, you can also register your email address on the site and will then be notified as soon as your identity data appears on the web.

Also phone numbers or birthdays

The Hasso Plattner Institute (HPI) in Potsdam also offers a query option, called the "Identity Leak Checker". Here too, you enter an email address. A database comparison then checks whether the email address has been disclosed in connection with other personal data such as phone number, date of birth or online address and could be misused.

If there is a hit for a service, the burnt password should be changed and no longer used, unless you already knew about the leak, or it was discovered a long time ago and you are sure you changed the password long ago anyway.

The fact that a password is not in any of the databases does not necessarily mean that it is inherently secure. Detailed information on creating strong and secure passwords can be found at the Federal Office for Information Security (BSI). The agency also recommends activating two-factor authentication (2FA) wherever it is offered.


Strong and unique

Since it is very likely that hackers will try stolen logins for one service on several other popular sites at the same time, the following also applies: passwords must not only be strong, they must also be unique for each purpose, especially where there is no 2FA protection. To help with remembering multiple strong passwords, the BSI recommends mnemonic phrases and, above all, password managers.

A well-secured email account is especially important because it often represents a kind of master key for many other services that send out password-reset links by email.

"Leak Checker" from the University of Bonn

Firefox Monitor

Pwned database

HPI's Identity Leak Checker

BSI Tips for Creating Secure Passwords

BSI Tips for Password Managers