Is My Password Compromised?
Curious whether a password is in a record of data breaches?
The Cybersecurity Team Password Recommendations
We strongly suggest using a pass-phrase of at least 20 characters that will be both secure and easy to remember.
Here are guidelines for creating a passphrase:
- Use words that are relevant to you
- Use a phrase or title from something you like, like a song or book
- Use abbreviations or acronyms
- Make the passphrase at least 20 characters long
- Include uppercase letters, numbers, and punctuation/special characters
- A combination of two or more passwords you already know can be easier to remember
Here are some example passphrases that may help you build your own memorable passphrase:
- My #1 doggo loves popcorn!
- D-Broncos dominate in '26
- Sasha-Bertie-Frank 4610
- The#1 clay pigeon master
- Petunia, Dahlia, & Impatient 123
- My Fat cat 8 the neighbor's dog
For the curious, we thought we would leave a little explanation here on how this tool actually functions. This gets a little technical, but nothing too painful.
When a password is entered into the tool, a hash of that password is generated. We take the first 5 characters of that hash and send them over an encrypted API request to the service Have I Been Pwned. Have I Been Pwned then responds with all the password hashes in its database that begin with the same 5 characters we sent. A comparison of those values is then done locally, and if a match is found we can see how many times that password has been seen in previous leaks.
If you want an even deeper look, check out the Github!
Have I Been Pwned is a website and tool for checking to see if your email address has been seen in any of the numerous data leaks that happen so often. They also provide a service to check and see if a password you use has been seen in any of those leaks. They are a trusted and well respected source on the latest data leaks, and are constantly updating their database.
