To help Internet users pick passwords that haven't already fallen into the hands of hackers, the founder of the website HaveIBeenPwned.com has published an impressive list of more than 300 million names and character strings that have been stolen in recent years in the course of hacking attacks and massive security breaches. The list can be downloaded for free.
Every year, huge amounts of personal data are accumulated by computer hackers around the world.
Anyone may be affected by incidents of this type, as the attacks that compromised Yahoo and LinkedIn in recent years will attest.
Now the website HavelBeenPwned.com is offering access to a comprehensive list of 306 million passwords that have been made public without their owners' knowledge. In all, this amounts to a download of 5.3 gigabytes, which could prove handy when it's time to pick a new password.
But be warned that this data may have passed through the hands of ill-intentioned people, and there is no actual proof that all the character strings have already been used, but if a password is included in the list, it's best avoided.
HaveIBeenPwned.com already offers a service that enables Internet users to check to see if their personal data has been pirated, by simply inputing an email address or password.
If the address or password features in the list of stolen data, the site generates a list of known security failures and the user accounts concerned. This will include information on all the break-ins and other incidents of hackers gaining illegal access to website data.
If a password has already been used by hackers, clearly it should be changed, and users should make sure that any new password does not feature in the compromised list of 306 million character strings.
At the same time, Internet users are advised to use two-factor identification for important accounts (email, social networks, etc.) wherever possible. This involves making access to accounts conditional on the input of both a teaditional password as well as a code obtained via SMS or email. Two-factor identification will also issue a warning in the event of an attempt to hack in to an account. When this happens it's obviously time to change your password.
Download the list of 306 million passwords accumulated by computer hackers: haveibeenpwned.com/Passwords