 
There are repeated reports that millions of passwords have been hacked. However, after this news briefly receives full public attention, the matter is quickly forgotten again, almost as if it were a one-off incident that will never happen again. Basically, this is normal. And when the media and companies keep telling us that our data is secure (encryption, fingerprints, etc.), we feel safe. We no longer think about the fact that new "good" technologies are constantly being hacked and misused by "bad" people.
Have you also been hacked? There are several tool providers on the market that search databases with stolen identity data. We have tested several of them: HPI Identity Leak Checker in German and English and haveibeenpwned in English.
HPI Identity Leak Checker
 
  The HPI Identity Leak Checker asks for your e-mail address and sends you an e-mail to exactly this address shortly afterwards. If your e-mail address is "clean", you will receive this e-mail:
 
  If your e-mail address was found in the database of stolen identity data, you will receive an e-mail that looks like this:
 
  You can see that several accounts have been affected. In the case above, however, only passwords have been hacked and not sensitive bank account data.
haveibeenpwned
The English tool haveibeenpwned works in a similar way, but shows the results directly on the page after a while. All you have to do is enter your e-mail address:
 
  After the analysis, you will see a picture like this, for example:
 
You will see that the same online services are displayed, but the Bitcoin Security Forum is listed as well. A very nice feature is that you can have e-mails sent to you if your own e-mail address appears in the database later. The information on the individual services is also interesting.
Here you should go to the websites of the individual providers and change your password immediately. A little tip: If you no longer need one or other online account, now would also be a good time to delete it.
Secure passwords
The fact is: our data is not 100% secure. At no time, with no provider. But we can do something to make it more secure, and it's pretty simple: change our passwords regularly. But how are we supposed to remember a 10-character password that contains numbers, capital letters and special characters? The requirements for a password today are very strict. For example:
- Mix upper and lower case letters
- Use numbers
- Use special characters
- Do not use the password anywhere else
- Do not use names or dates of birth of important people, pets or celebrities
- and much more.
That sounds like a lot of work! But we'll show you a way to easily create different, unique and secure passwords that you can even remember. The keyword is "algorithm". An algorithm in this case is a scheme according to which your passwords are created.
The scheme could be as follows: _J4_90xXrtZ_81?f, where the underscores are each placeholders for other letters or numbers. For example, these letters could come from the names of the providers. Let's assume you have a Google account, are an iTunes and amazon customer and also an ebay customer. You therefore need 4 passwords that are secure and meet the above requirements. Using the example algorithm and the letters of the provider's name, these unique passwords are created:
| Provider | Password |
| --- | --- |
| Google | gJ4o90xXrtZe81?f |
| iTunes | iJ4t90xXrtZs81?f |
| amazon | aJ4m90xXrtZn81?f |
| ebay | eJ4b90xXrtZy81?f |
The placeholders were filled in like this: First letter, second letter, last letter of the vendor's name.
 
  The algorithm can be used for any online account, so you only need to remember one password and your wildcard scheme.
Of course, your algorithm can become much more complex. For example, you can transform numbers into letters, depending on the letter's place in the alphabet (g would be 7).
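The scheme above, written out as an added example (not part of the original post; the function names are made up for illustration). It fills the placeholders from the provider name, supports the letter-to-number variant, and counts how many characters two derived passwords have in common, which is worth knowing if one of them ever shows up in a leak.

```python
import string

# Scheme from the article; "_" marks a placeholder filled from the provider name.
TEMPLATE = "_J4_90xXrtZ_81?f"


def pick_letters(provider):
    """First, second and last letter of the provider name, lowercased."""
    name = [ch for ch in provider.lower() if ch in string.ascii_lowercase]
    if len(name) < 3:
        raise ValueError("provider name needs at least three letters")
    return [name[0], name[1], name[-1]]


def letters_to_numbers(letters):
    """Variant from the article: a letter becomes its alphabet position (g -> 7)."""
    return [str(ord(ch) - ord("a") + 1) for ch in letters]


def derive(provider, template=TEMPLATE, transform=None):
    """Fill the template's placeholders, left to right, from the provider name."""
    fills = pick_letters(provider)
    if transform is not None:
        fills = transform(fills)
    if template.count("_") != len(fills):
        raise ValueError("template must contain exactly three placeholders")
    parts = iter(fills)
    return "".join(next(parts) if ch == "_" else ch for ch in template)


def shared_positions(a, b):
    """Number of positions at which two equally long passwords are identical."""
    if len(a) != len(b):
        raise ValueError("passwords must have the same length")
    return sum(x == y for x, y in zip(a, b))


if __name__ == "__main__":
    for provider in ("Google", "iTunes", "amazon", "ebay"):
        print(f"{provider:8} {derive(provider)}")
    print("Google, numeric variant:", derive("Google", transform=letters_to_numbers))
    print("characters shared by the Google and ebay passwords:",
          shared_positions(derive("Google"), derive("ebay")), "of", len(TEMPLATE))
```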
The important thing is that you know your algorithm. And even if these passwords are secure now, you should change your algorithm regularly and assign new passwords.
Further security information especially for Drupal developers can be found in our current blog post Top 10 Security Tips & Tricks for Developers (Drupal 8).