You shouldn’t use these 320 million passwords
You’re looking for the one, the unbeatable password? Well, security expert Troy Hunt does have a few hundred million available – that you should try and stay away from. Troy Hunt is best known for the service he offers on haveibeenpwned.com: a search that allows you to see if your email address was compromised by a data breach. Now he has introduced a new option that allows you to check if your password was compromised. The aim is to help individuals and companies to improve their online security.
Why should you take a look at this password search?
Over the last year we’ve seen a lot of data breaches. Just to name some of the bigger ones: LinkedIn, Yahoo, Dropbox, Last.fm, MySpace, Adobe, Tumblr, and Badoo. There were – of course – even more, but it would take too long to list them all. Why mention this at all? To make sure that if you are in need of a new password, you stay away from passwords that were involved in breaches. They are the ones most likely to be found in hacker toolkits – no matter how random or complicated they were in the first place. The haveibeenpwned.com search is there to help with that:
My hope is that an easily accessible online service like this also partially addresses the age-old request I’ve had to provide email address and password pairs; if the password alone comes back with a hit on this service, that’s a very good reason to no longer use it regardless of whose account it originally appeared against. — Troy Hunt.
He goes on to recommend not searching for any password you currently use:
It goes without saying (although I say it anyway on that page), but don’t enter a password you currently use into any third-party service like this! I don’t explicitly log them and I’m a trustworthy guy but yeah, don’t. The point of the web-based service is so that people who have been guilty of using sloppy passwords have a means of independent verification that it’s not one they should no longer be using. Mind you, someone could actually have an exceptionally good password but if the website stored it in plain text then leaked it, that password has still been “burned”. — Troy Hunt
So even though you should not look up a password you currently use, the tool can still make a point to you, your friends, and your co-workers: “This password has already appeared in a data breach. You really shouldn’t use it!”
With a database of about 320 million passwords, it might become difficult to find the one and unbeatable password.
This is how you’re going to create a strong password
Even if you find out that you and your online data are perfectly safe, the sheer number of stolen credentials alone should make you think about your account security. The following tips will help you to protect your accounts even further:
- Passwords such as 1234 are a no-go. You also shouldn’t use any other password from our list of the worst passwords of them all.
- Do not use the same password for all of your accounts.
- You should change your passwords on a regular basis – yes, even the passwords of your email accounts.
- A password manager simplifies your life: you only have to remember one password, the master password.
Will you test the password search?