After “Mother of All Breaches,” Update Passwords on Compromised Sites

ByEmily Dolloff

January’s big security news was the Mother of All Breaches, the release of a massive database containing 26 billion records built from previous breaches across numerous websites, including Adobe, Dropbox, LinkedIn, and Twitter. It’s unclear how much of the leaked data is new, but it’s a good reminder to update your passwords for accounts on compromised sites, especially those you reused on another site. Cybernews has a leak checker that reports which breached sites include your data.

Apple also has a tool for you that can help.  Now that Passwords is one of the system settings on your Mac or iOS device you can click on “Security Recommendations”  and the Password AutoFill passwords list in iOS, iPadOS, and macOS indicate which of a your saved passwords will be reused with other websites, passwords that are considered weak, and passwords that have been compromised by a data leak.

  • Passwords are marked reused if the same password is seen used for more than one saved password across different domains.

  • Passwords are marked weak if they may be easily guessed by an attacker. iOS, iPadOS, and macOS detect common patterns used to create memorable passwords, such as using words found in a dictionary, common character substitutions (such as using “p4ssw0rd” instead of “password”), patterns found on a keyboard (such as “q12we34r” from a QWERTY keyboard), or repeated sequences (such as “123123”). These patterns are often used to create passwords that satisfy minimum password requirements for services, but are also commonly used by attackers attempting to obtain a password using brute force.Because many services specifically require a four- or six-digit PIN code, these short passcodes are evaluated with different rules. PIN codes are considered weak if they are one of the most common PIN codes, if they are an increasing or decreasing sequence such as “1234” or “8765,” or if they follow a repetition pattern, such as “123123” or “123321.”
  • Passwords are marked leaked if the Password Monitoring feature can claim they have been present in a data leak.

 More generally, password managers often have a feature that checks your passwords against the Have I Been Pwned database of breaches and helps you change compromised passwords—1Password’s is called Watchtower, shown below.You can also search Have I Been Pwned directly. Don’t panic if your email address appears in numerous breaches because some of the theoretically compromised accounts may be defunct sites, trivial sites you used once 10 years ago, or duplicate password manager entries for a site whose password you already updated.

(Featured image by iStock.com/Prae_Studio)

Similar Posts

  • My daughter Autumn and her husband Ismael are coming to visit next week which should be fun. Then we pack up and head back to Vermont. Hopefully the weather will cooperate but it seems like warmer weather is in the forecast for the Green Mountains.

    Thank you so much for reading this issue of Kibbles & Bytes!

    Your Kibbles & Bytes Team,

    _Don, Emily, Hadley & Amy_

  • Hey Dora, Follow Orders!

    Last week we talked about how to activate and use dictation to write emails and documents but there is a lot more that you can do. I keep thinking about Scotty from Star Trek when he went back in time and was “**confronted with a Mac Plus**”:https://youtu.be/LkqiDu1BQXY?t=1m8s. He picked up the mouse as natural as can be and said “computer…”. That time is coming and Dictation Commands are already built into your operating system.

    Once you have dictation activated you can activate dictation commands by going to the Accessibility system preference.

    * Choose Accessibility from System Preferences.

    * Choose Dictation from the list on the left side of the Accessibility pane.

    * Click the Dictation Commands button. You can see a list of available commands in the Dictation Commands sheet.

    * A starting set of commands are enabled by default. Additional speakable items like “Open document” and “Click item” are available by enabling advanced commands using these next steps:

    * Select (check) the option to “Enable advanced commands” in the Dictation Commands sheet that appears.

    * Click Done.

    p{text-align: center;}. !http://blog.smalldog.com/images/4710.png!

    After you have enabled advanced commands, you can also create your own commands by clicking the Add Command (+) button. This lets you link a spoken phrase to an app, a menu item, a keyboard shortcut, or an Automator workflow.

    You have enabled Dictation Commands and now you can speak any of the items in this list to perform the related action. Press the Fn key twice, then say a command to make it happen, such as “Search Spotlight for the Cubs score” or “select sentence” or “new document”. Give it a try and pretty soon you will be just like Scotty and the Mac Plus.

    As a shortcut, you can speak the command “Show commands” to see a list of the commands you can say.