After “Mother of All Breaches,” Update Passwords on Compromised Sites

January’s big security news was the Mother of All Breaches, the release of a massive database containing 26 billion records built from previous breaches across numerous websites, including Adobe, Dropbox, LinkedIn, and Twitter. It’s unclear how much of the leaked data is new, but it’s a good reminder to update your passwords for accounts on compromised sites, especially those you reused on another site. Cybernews has a leak checker that reports which breached sites include your data.

Apple also has a tool that can help. Now that Passwords is one of the system settings on your Mac or iOS device, you can click “Security Recommendations.” The Password AutoFill passwords list in iOS, iPadOS, and macOS indicates which of your saved passwords are reused with other websites, which are considered weak, and which have been compromised by a data leak.

  • Passwords are marked reused if the same password is seen used for more than one saved password across different domains.

  • Passwords are marked weak if they may be easily guessed by an attacker. iOS, iPadOS, and macOS detect common patterns used to create memorable passwords, such as using words found in a dictionary, common character substitutions (such as using “p4ssw0rd” instead of “password”), patterns found on a keyboard (such as “q12we34r” from a QWERTY keyboard), or repeated sequences (such as “123123”). These patterns are often used to create passwords that satisfy minimum password requirements for services, but are also commonly used by attackers attempting to obtain a password using brute force.

    Because many services specifically require a four- or six-digit PIN code, these short passcodes are evaluated with different rules. PIN codes are considered weak if they are one of the most common PIN codes, if they are an increasing or decreasing sequence such as “1234” or “8765,” or if they follow a repetition pattern, such as “123123” or “123321.”

  • Passwords are marked leaked if the Password Monitoring feature can claim they have been present in a data leak.
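
The reuse and PIN rules above can be sketched in a few lines. This is an added example, not Apple's code: the common-PIN list, the sample entries, and treating mirrored four-digit PINs like the six-digit “123321” case are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed stand-in for "the most common PIN codes"; not Apple's list.
COMMON_PINS = {"0000", "1111", "1212", "2580", "000000", "111111"}

def is_sequence(pin):
    """True for strictly increasing or decreasing runs such as 1234 or 8765."""
    steps = {int(b) - int(a) for a, b in zip(pin, pin[1:])}
    return steps in ({1}, {-1})

def is_repetition(pin):
    """True when the second half repeats (123123) or mirrors (123321) the first."""
    half = len(pin) // 2
    first, second = pin[:half], pin[half:]
    return len(pin) % 2 == 0 and (first == second or first == second[::-1])

def pin_findings(pin):
    """Names of the weak-PIN rules that a digit string matches."""
    checks = (("common", pin in COMMON_PINS),
              ("sequence", is_sequence(pin)),
              ("repetition", is_repetition(pin)))
    return [name for name, hit in checks if hit]

def reused(entries):
    """Map each password saved for more than one domain to those domains."""
    by_password = defaultdict(set)
    for domain, password in entries:
        by_password[password].add(domain)
    return {p: sorted(d) for p, d in by_password.items() if len(d) > 1}

def audit(entries):
    """Return {domain: [flags]} using the reuse rule and the PIN rules."""
    shared = reused(entries)
    report = {}
    for domain, password in entries:
        flags = ["reused"] if password in shared else []
        # Only four- and six-digit passcodes get the PIN-specific rules.
        if password.isascii() and password.isdigit() and len(password) in (4, 6):
            flags += ["weak-pin:" + f for f in pin_findings(password)]
        report[domain] = flags
    return report

# Constructed sample entries (domain, saved password).
SAMPLE = [("shop.example", "8765"), ("bank.example", "123321"),
          ("forum.example", "123321"), ("vpn.example", "4071"),
          ("mail.example", "correct horse battery staple")]

if __name__ == "__main__":
    for domain, flags in audit(SAMPLE).items():
        print(domain, flags or "ok")
```
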

More generally, password managers often have a feature that checks your passwords against the Have I Been Pwned database of breaches and helps you change compromised passwords (1Password’s is called Watchtower, shown below). You can also search Have I Been Pwned directly. Don’t panic if your email address appears in numerous breaches because some of the theoretically compromised accounts may be defunct sites, trivial sites you used once 10 years ago, or duplicate password manager entries for a site whose password you already updated.

(Featured image by iStock.com/Prae_Studio)
