# Have I Been Pwned: Routinely Change Your Passwords



## ShadowSpear (Oct 12, 2016)

Always change your password regularly and don't use the same password on every website you frequent.   

FYI, you can plug in an email address here and you'll find out if your email/password was extracted from a website's database during a hack.  If you get the red banner.....change your password.

Have I been pwned? Check if your email has been compromised in a data breach


----------



## Brill (Oct 12, 2016)

14 random characters to include a mix of special characters, capitals, etc works (for awhile) for a reason. The goal is to make (hope) they move on to easier targets...like @Ooh-Rah


----------



## Ooh-Rah (Oct 12, 2016)

Well shit...

DropBox, Comcast, and LinkedIn all get a FAIL.

I like that it gives month/date as well.

Thanks for posting...


----------



## Raptor (Oct 12, 2016)

lindy said:


> 14 random characters to include a mix of special characters, capitals, etc works (for awhile) for a reason. The goal is to make (hope) they move on to easier targets...like @Ooh-Rah





Ooh-Rah said:


> Well shit...
> 
> DropBox, Comcast, and LinkedIn all get a FAIL.
> 
> ...


Looks like they already moved on 
I actually one pwn and my password has been changed


----------



## Muppet (Oct 12, 2016)

Mine is linked in but I have not been there for a long time.

M.


----------



## Ohge (Oct 12, 2016)

Someone got my old Wildstar account. Happy hunting to that poor sap!

Awesome link, thanks for posting!


----------



## compforce (Oct 13, 2016)

so that site is full of crap.  According to it, I was pwned on three services, none of which I've ever used.


----------



## SpitfireV (Oct 13, 2016)

And in the meantime they've got a bunch of email addresses to sell I'd imagine.


----------



## ShadowSpear (Oct 13, 2016)

Mine was pretty accurate.  It even included a pretty large forum I was a member of.


----------



## Ooh-Rah (Oct 13, 2016)

compforce said:


> so that site is full of crap.  According to it, I was pwned on three services, none of which I've ever used.



I thought The same til I did a bit of research; found a number of sites (including the two below) that make me think the tool is legit. 

To add - is it possible that the services you do not recognize are sites where someone else used your email address?

Have I Been Pwned? - Wikipedia

The Rise of ‘Have I Been Pwned?’, an Invaluable Resource in the Hacking Age


----------



## TLDR20 (Oct 13, 2016)

Linkedin....


----------



## Rapid (Oct 13, 2016)

Pwned on one site... MySpace, hah. That was fucking years ago. Definitely not the same passwords I use now...


----------



## CQB (Oct 13, 2016)

The flip side (and downside) of the coin is password safes & encryption. I had info stored on Truecrypt until they decided to call it a day & lost the info. The password safe was fine until I broke the phone. As good as these tools are, it pays to back up more than once. Passphrases instead of passwords are always a better option too and easier to remember.


----------



## Crusader74 (Oct 13, 2016)




----------

