Huge data set: 1.3 billion passwords leaked: Is one of yours among them?


The query database "Haveibeenpwned.com" has added well over a billion compromised passwords to its dataset. Here's how to check if your login credentials are still secure.
The well-known website Haveibeenpwned.com, which searches for leaked login data, has expanded its database with a massive dataset. This includes 1.3 billion new passwords and 2 billion email addresses that the IT security company Synthient found freely accessible online.
The passwords in question are primarily those used for two or more logins, contrary to all security guidelines. Passwords should be unique for each purpose.
Very easy query: Just enter your email address.
To find out whether they are affected by the current leak or by others, users can enter their email address on Haveibeenpwned.com easily and free of charge. The site then shows directly whether compromised passwords have been found for that address.
"Have I been pwned?" (HIBP) essentially means: "Have I been compromised?" And to truly answer this question, it's worth regularly checking your own email addresses. That's because HIBP's operator, Troy Hunt, an Australian IT security researcher, constantly adds new data to the database, reflecting leaks and hacks that surface online.
Double the protection: Also use the Identity Leak Checker.
Even though there will be overlaps in the data sets, it is advisable to use another free query service in parallel: the Identity Leak Checker from the Hasso Plattner Institute (HPI). This checker also relies on a database containing countless leaked identity data. If the queries on either site return a match, the compromised password for the respective service should be replaced quickly with a new, secure password.
Important: Each service must have a unique password. Using the same password for many or even all services is risky, as it gives attackers an easy way to take over many or all accounts in a flash.
Because nobody can remember dozens of complicated passwords, the German Federal Office for Information Security (BSI) recommends using password managers. Alternatively, you can also be more secure online with the help of a password reminder sheet – the BSI explains the method behind this on its website.
Furthermore, you should activate two-factor authentication (2FA) for online services wherever it is available. Thanks to a second code requested during login, attackers cannot access the account even if they have obtained the password.
Users can already begin switching to passkeys, the successor to passwords. Passkeys enable passwordless login using a cryptographic key pair.
For even greater security: Use passkeys instead of passwords.
The service requests a cryptographic key stored on the user's device for login. The request then simply needs to be authorized, conveniently via fingerprint or PIN. This key is then compared to its counterpart, the public cryptographic key, which is held by the service, and the user is logged in.
You can store your passkeys on a secure USB drive (FIDO2), in a (mobile) operating system such as Android, iOS/macOS or Windows, or in compatible password managers. If your current password manager is also compatible with passkeys, you can continue to use your existing passwords alongside the new passkeys without any problems.
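The passkey login described above, as an added example that is not part of the original article: the service sends a fresh random challenge, the device signs it after the user approves, and the service checks the signature with the stored public key. It is a simplified model of the flow, not the WebAuthn API; the class names, `shop.example` and the user `alice` are constructed for illustration.

```javascript
// Added illustration of a passkey-style login; all names are hypothetical.
const { generateKeyPairSync, randomBytes, sign, verify } = require('node:crypto');

// The user's device: private keys are created here and never leave it.
class Device {
  constructor() { this.keys = new Map(); } // service name -> private key
  register(serviceName) {
    const { publicKey, privateKey } = generateKeyPairSync('ec', { namedCurve: 'P-256' });
    this.keys.set(serviceName, privateKey);
    return publicKey; // only the public half is handed to the service
  }
  // userApproved stands in for the fingerprint or PIN prompt.
  answer(serviceName, challenge, userApproved) {
    const privateKey = this.keys.get(serviceName);
    if (!privateKey || !userApproved) return null;
    // The service name is signed too, so the answer is useless for another site.
    return sign('sha256', Buffer.concat([Buffer.from(serviceName), challenge]), privateKey);
  }
}

// The online service: it stores public keys only, so a leak of this data
// contains nothing that can be used to log in.
class Service {
  constructor(name) { this.name = name; this.publicKeys = new Map(); this.pending = new Map(); }
  enroll(user, publicKey) { this.publicKeys.set(user, publicKey); }
  startLogin(user) {
    const challenge = randomBytes(32); // fresh for every attempt
    this.pending.set(user, challenge);
    return challenge;
  }
  finishLogin(user, signature) {
    const challenge = this.pending.get(user);
    const publicKey = this.publicKeys.get(user);
    this.pending.delete(user); // a challenge is valid once only
    if (!challenge || !publicKey || !signature) return false;
    return verify('sha256', Buffer.concat([Buffer.from(this.name), challenge]), publicKey, signature);
  }
}

function demo() {
  const device = new Device();
  const shop = new Service('shop.example');
  shop.enroll('alice', device.register('shop.example'));
  const sig = device.answer('shop.example', shop.startLogin('alice'), true);
  const normal = shop.finishLogin('alice', sig);   // approved login
  shop.startLogin('alice');
  const replay = shop.finishLogin('alice', sig);   // intercepted answer reused later
  const declined = shop.finishLogin('alice',
    device.answer('shop.example', shop.startLogin('alice'), false)); // user said no
  return { normal, replay, declined };
}
console.log(demo());
```

Unlike a password, an intercepted answer cannot be reused, because each login attempt is checked against a new challenge.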
Source: ntv.de, awi/dpa




