After “Mother of All Breaches,” Update Passwords on Compromised Sites

January’s big security news was the Mother of All Breaches, the release of a massive database containing 26 billion records built from previous breaches across numerous websites, including Adobe, Dropbox, LinkedIn, and Twitter. It’s unclear how much of the leaked data is new, but it’s a good reminder to update your passwords for accounts on compromised sites, especially those you reused on another site. Cybernews has a leak checker that reports which breached sites include your data.

Apple also has a tool that can help. Now that Passwords is one of the system settings on your Mac or iOS device, you can click “Security Recommendations.” The Password AutoFill passwords list in iOS, iPadOS, and macOS indicates which of your saved passwords are reused on other websites, which are considered weak, and which have been compromised by a data leak.

  • Passwords are marked reused if the same password is seen used for more than one saved password across different domains.

  • Passwords are marked weak if they may be easily guessed by an attacker. iOS, iPadOS, and macOS detect common patterns used to create memorable passwords, such as using words found in a dictionary, common character substitutions (such as using “p4ssw0rd” instead of “password”), patterns found on a keyboard (such as “q12we34r” from a QWERTY keyboard), or repeated sequences (such as “123123”). These patterns are often used to create passwords that satisfy minimum password requirements for services, but are also commonly used by attackers attempting to obtain a password using brute force.

    Because many services specifically require a four- or six-digit PIN code, these short passcodes are evaluated with different rules. PIN codes are considered weak if they are one of the most common PIN codes, if they are an increasing or decreasing sequence such as “1234” or “8765,” or if they follow a repetition pattern, such as “123123” or “123321.”
  • Passwords are marked leaked if the Password Monitoring feature can claim they have been present in a data leak.
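
The weak-password patterns listed above can be turned into a small checker. This is an added example, not Apple's implementation: the PIN and word lists are tiny constructed samples, and the keyboard check treats QWERTY as an unstaggered grid.

```python
import re

# Constructed sample lists (assumption); a real checker uses far larger corpora.
COMMON_PINS = {"0000", "1111", "1234", "2580", "000000", "123456"}
DICTIONARY = {"password", "dragon", "monkey", "welcome"}
LEET = str.maketrans("4@301!5$7", "aaeoiisst")   # common character substitutions
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
KEY_POS = {ch: (r, c) for r, row in enumerate(ROWS) for c, ch in enumerate(row)}

def is_sequence(digits):
    """True for strictly increasing or decreasing runs such as 1234 or 8765."""
    steps = {int(b) - int(a) for a, b in zip(digits, digits[1:])}
    return steps in ({1}, {-1})

def is_repetition(s, mirror=False):
    """True for a repeated unit (123123); with mirror=True also 123321."""
    half = len(s) // 2
    repeated = len(s) > 1 and (s + s).find(s, 1) < len(s)
    mirrored = mirror and len(s) % 2 == 0 and s[:half] == s[half:][::-1]
    return repeated or mirrored

def is_keyboard_walk(s):
    """True if every consecutive pair of keys is adjacent on the grid."""
    pos = [KEY_POS.get(ch) for ch in s.lower()]
    if len(pos) < 4 or None in pos:
        return False
    return all(a != b and abs(a[0] - b[0]) <= 1 and abs(a[1] - b[1]) <= 1
               for a, b in zip(pos, pos[1:]))

def weaknesses(secret):
    """Return the set of weak-pattern labels that apply to a password or PIN."""
    found = set()
    if re.fullmatch(r"[0-9]{4}|[0-9]{6}", secret):   # PINs get their own rules
        if secret in COMMON_PINS:
            found.add("common-pin")
        if is_sequence(secret):
            found.add("pin-sequence")
        if is_repetition(secret, mirror=True):
            found.add("pin-repetition")
        return found
    if secret.lower() in DICTIONARY:
        found.add("dictionary-word")
    elif secret.lower().translate(LEET) in DICTIONARY:
        found.add("character-substitution")
    if is_keyboard_walk(secret):
        found.add("keyboard-pattern")
    if is_repetition(secret):
        found.add("repeated-sequence")
    return found
```

An empty set means none of these patterns matched; it does not mean the password is absent from a breach, which is what the leaked check covers.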

More generally, password managers often have a feature that checks your passwords against the Have I Been Pwned database of breaches and helps you change compromised passwords—1Password’s is called Watchtower, shown below. You can also search Have I Been Pwned directly. Don’t panic if your email address appears in numerous breaches because some of the theoretically compromised accounts may be for defunct sites, trivial sites you used once 10 years ago, or duplicate password manager entries for a site whose password you already updated.

(Featured image by iStock.com/Prae_Studio)
