Monday, December 28, 2020

Bad passwords

 

I had a bad habit when it came to passwords. It was not that the password I used would have been easy to guess, but I used the same password on many sites and sooner or later some company would have a breach. Those looking to breach accounts would be most likely to then try these passwords on common sites to see if they would work.

We have been using LastPass now for months and all of my main accounts have been shifted to unique and strong passwords. I still do use a common password when I investigate sites requiring that I create an account because there is a bit of a hassle when creating a new password in LastPass, but I do fix this if I decide to stick with a service.

I listen to the EdTech Situation Room and they described a service allowing you to determine if a password was among those the service had been able to find on the dark web. The service is called PWNED Password. I tried a couple of my old passwords and did find that one of them was available to others somewhere.

I have tried to investigate this site as you have to enter a password to determine if it appears somewhere else, but I don't know how else you would go about providing this service. The service does not ask about services associated with the passwords and all of the info I can find suggest it is a useful service.

BTW - just because the system does not already have a password in a database does not mean that it is not out there somewhere.

No comments: