Have I been ‘Pwned’?

What does “pwned” even mean?

The word “pwned” originates in video game culture referring to the domination of another player. The word is a derivation of the word “owned” and has also come to be a slang word for hackers.  Personal information is increasingly difficult to secure on the internet, where can you find out from which sites your data has been hacked and compromised? Data breaches happen at a large frequency and can happen to anyone.

How do I check?

HaveIBeenPwned is a website that allows you to check if you have an account that has been compromised in a data breach. The site came about after what at the time was the largest ever single breach of customer accounts – Adobe. In 2013, 153 million Adobe accounts were breached: IDs, usernames and passwords had been compromised. The website has been praised, as a valuable free resource for internet users wishing to check their internet privacy and protection.

To check for breaches, write in an email address or username into the search bar on the homepage and in seconds the site will return to you any breaches that have occurred.  This can be anything personal from date of birth to gender, email addresses to passwords.

I have been ‘Pwned!’ How do I prevent this in future?

Never use the same password on multiple users, this then puts you at risk of further accounts being compromised. The best way to avoid a breach is to use one password per account.

https://twofactorauth.org/ is a database that shows if whether websites support 2FA. The site also allows you to search website, company or app from the homepage and relays a grid of what type of 2FE is offered as well as the policy of each company. With the demand, many online companies have included 2FA in the settings, which allows you to enter a pin of your choice after log in, receive a text, email etc.

Just about any account on the internet is prone to being hacked. Something everyone can do to prevent this is use two-factor authentication. A lot of sites now have the options to use 2FA to use your phone as a secondary safety precaution. There are authentication apps such as, Authy, Google Authenticator or Microsoft Authenticator.

With the free app, you scan a QR code associated with your account, and it is saved in the app. The next time you log in to your account, it will ask for a numerical code; just open the authenticator app to find the randomly generated code required to get past the 2FA.

The next step to consider is using an application to generate and keep track of your unique passwords. There are many password managers that create an individual password such as, 1password.com, Dashlane.com or Keeper.com, to name a few. Save your passwords and log into sites with a single click with a password manager.

The only secure password is the one you cannot remember!