Have I been pwned? has been round for a long time and has allowed users to check their email/phone against known data leaks or hacks where information has found it's way onto the web/dark web.
Today, the UK NCA shared a database of 585 million compromised passwords with the site, which gives us an added resource of things to check.
So, if you can, before you reset you next password - check here
You may think your dogs birthday is special and no one will know it, but try it....
Why is this important?
Well if you are trying to breach a system, you can just try a brute force attack, trying every combination. This takes time and resources and is quite often detectable.
Phishing attacks are targeted and you may be susceptible. But a nice middle ground is using a limited set of known/common passwords. Either dictionary attacks and combinations of databases such as this.
You may think that 585 million is a lot to search - but its not many for a decent computer. Certainly faster than searching the hundreds of billions what a complex password character set would afford.
Pro tip. Don't use passwords from comics or sources like this. correcthorsebatterystaple has been used and pwned.
Hopefully you will be swimming in a sea of green...
Lets not make it easy for hackers this Christmas.