With new stories about hacked websites and stolen passwords emerging almost daily, here are some new browser tools that alert you if you sign in anywhere using a password that has been breached.
Here’s How To Find Out If Your Password Has Been Stolen By Hackers
By Robin Andrews, IFLScience.com
May 27, 2018
[Statistically, you] are likely to be someone who uses the same password for several logins, across websites or computers. There’s a fairly decent chance that at some point, one or several of your passwords have been stolen and posted on forums for other hackers to try out.
Enter, Okta, whose plug-in for Chrome (a version for Firefox is coming soon) lets you know how safe, or unsafe, your passwords really are. Okta is described by CNET as a login management company, which doesn’t sound particularly thrilling. Popping over to their website, it appears that this is indeed what they do, but to put it in a mildly more exciting way: They are the guardians of the virtual gateways, those that stop nefarious hackers getting to you as you log in to whatever digital platform you or your company are using.
They’ve recently gone one step further and released a browser plug-in named
. When you use a password to sign in to Twitter or anything of the sort, it’ll inform you just how many times the password in question has been exposed in a data breach. PassProtect
is currently available as an extension for Chrome only, although they say a version for Firefox is in the works. PassProtect
In the meantime, if you are a Firefox user, you can try a similar add-on called
. Prevent Pwned Passwords
helps make sure you don’t use any password that’s known to have been part of a data breach. If you try to use a password that’s known to have been compromised, you’ll get an alert. Prevent Pwned Passwords
You can choose to run it whenever you enter a password on any site, whenever you enter a password on a “Create Account” page, or only when you choose to check a password from a context menu. You can also whitelist sites, giving you greater control over what passwords are checked.
This extension hashes your password and securely checks that hash against a database of hashes known to be breached. If it’s been involved in a past breach (of any account across hundreds of sites), it notifies you so you can change your password.
Note that the only data ever transmitted is a password hash. We never send a clear-text password or any identifiable information like a username or a URL.
This extension uses the
service. Have I Been Pwned
I installed the
extension on Firefox on May 28 and it has already alerted me to four breached passwords that I didn’t know about. One was my go-to throw-away password for low-security sites that I don’t care about but two of them were actually passwords I have used on more significant sites. Needless to say, I changed those passwords immediately. Prevent Pwned Passwords
(I also installed
on Chrome since I use that occasionally as a backup and for testing websites.) PassProtect
I strongly urge you to install one or both of these extensions now. You might be (unpleasantly) surprised by what they reveal.