After “Mother of All Breaches,” Update Passwords on Compromised Sites

January’s big security news was the Mother of All Breaches, the release of a massive database containing 26 billion records built from previous breaches across numerous websites, including Adobe, Dropbox, LinkedIn, and Twitter. It’s unclear how much of the leaked data is new, but it’s a good reminder to update your passwords for accounts on compromised sites, especially those you reused on another site. Cybernews has a leak checker that reports which breached sites include your data.

Apple also has a tool that can help. Now that Passwords is one of the system settings on your Mac or iOS device, you can click on “Security Recommendations,” and the Password AutoFill passwords list in iOS, iPadOS, and macOS indicates which of your saved passwords are reused on other websites, which are considered weak, and which have been compromised by a data leak.

  • Passwords are marked reused if the same password is seen used for more than one saved password across different domains.

  • Passwords are marked weak if they may be easily guessed by an attacker. iOS, iPadOS, and macOS detect common patterns used to create memorable passwords, such as using words found in a dictionary, common character substitutions (such as using “p4ssw0rd” instead of “password”), patterns found on a keyboard (such as “q12we34r” from a QWERTY keyboard), or repeated sequences (such as “123123”). These patterns are often used to create passwords that satisfy minimum password requirements for services, but are also commonly used by attackers attempting to obtain a password using brute force. Because many services specifically require a four- or six-digit PIN code, these short passcodes are evaluated with different rules. PIN codes are considered weak if they are one of the most common PIN codes, if they are an increasing or decreasing sequence such as “1234” or “8765,” or if they follow a repetition pattern, such as “123123” or “123321.”
  • Passwords are marked leaked if the Password Monitoring feature can claim they have been present in a data leak.
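
The reused and weak rules listed above can be tried against your own exported password list. The following is an added example, not Apple's implementation: it covers character substitutions, repeated sequences, the PIN rules and cross-domain reuse, and its word list, PIN list, substitution table and sample entries are constructed assumptions.

```python
from collections import defaultdict

# Assumed, constructed stand-ins: Apple does not publish its word or PIN lists.
COMMON_PINS = {"0000", "1111", "1212", "2580", "000000", "111111"}
WORDS = {"password", "dragon", "monkey"}
LEET = str.maketrans("4301!5$7", "aeoiisst")  # undo common substitutions

def is_sequence(pin):
    """True for strictly increasing or decreasing digits (1234, 8765)."""
    steps = {int(b) - int(a) for a, b in zip(pin, pin[1:])}
    return steps in ({1}, {-1})

def is_repetition(s):
    """True for a repeated block (123123) or a mirrored half (123321)."""
    if len(s) < 4:
        return False
    half = len(s) // 2
    mirrored = len(s) % 2 == 0 and s[half:] == s[:half][::-1]
    repeated = any(len(s) % n == 0 and s == s[:n] * (len(s) // n)
                   for n in range(1, half + 1))
    return mirrored or repeated

def weak_reasons(secret):
    """Return the weakness rules a password or PIN matches."""
    reasons = []
    if secret.isdigit() and len(secret) in (4, 6):  # PINs use their own rules
        if secret in COMMON_PINS:
            reasons.append("common PIN")
        if is_sequence(secret):
            reasons.append("sequence")
    elif secret.lower().translate(LEET) in WORDS:
        reasons.append("dictionary word or substitution")
    if is_repetition(secret):
        reasons.append("repetition")
    return reasons

def audit(entries):
    """entries: (domain, password) pairs. Returns {domain: sorted flags}."""
    domains = defaultdict(set)
    for domain, pw in entries:
        domains[pw].add(domain)
    # "reused" means the same password is saved for more than one domain
    return {domain: sorted(set(weak_reasons(pw)) |
                           ({"reused"} if len(domains[pw]) > 1 else set()))
            for domain, pw in entries}

# Constructed sample entries, not real credentials.
SAVED = [("shop.example", "p4ssw0rd"), ("mail.example", "p4ssw0rd"),
         ("bank.example", "8765"), ("door.example", "123321"),
         ("forum.example", "vT9#kq2Lw!xB")]
```

Calling `audit(SAVED)` returns the flags per domain; an empty list means none of these rules matched, not that the password is strong.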

More generally, password managers often have a feature that checks your passwords against the Have I Been Pwned database of breaches and helps you change compromised passwords—1Password’s is called Watchtower, shown below. You can also search Have I Been Pwned directly. Don’t panic if your email address appears in numerous breaches because some of the theoretically compromised accounts may be defunct sites, trivial sites you used once 10 years ago, or duplicate password manager entries for a site whose password you already updated.

(Featured image by iStock.com/Prae_Studio)
