Are your credentials known to Cyber Criminals?

The Dutch Police announced a new service last week where people can check if their email address and password are known to cyber criminals. The Dutch police has built a database from data coming from confiscated equipment from known cyber criminals. I think this is a good initiative. Currently the Dutch databased holds 60.000 records (email address/ password). Last month the German police announced a similar initiative.

But if you really like to know if your username/email address and passwords are known to the bad guys and being traded on the dark-web, do the check on Have I Been Pwned? https://haveibeenpwned.com

The database behind on that site (created by Tory Hurt) holds the astonishing amount of 3.914.073.118 records with a unique combination of used username/email address password. (almost 4 billion accounts) A big chance that your username is known there, especially if you were using LinkedIn in 2012. :-)

Is that a problem? Not necessarily, But I'm assuming you do change your password on a regular basis and that you know how to make a good password.

Depending on the uses algorithms to store passwords (hashed, salted etc) hackers will have more trouble cracking the encrypted passwords. But there are also tools and tricks available for that.

So, stay safe and change your password on a regular basis. Use strong passwords

• Use a sentence that you can remember
• Change some letter with numbers
• Add some punctuations (This week I saw a good article on LinkedIn - becomes - tW1sagaoL1!! )

Stay Safe. Roland Broersen