Struggling to brainstorm a new password? To keep your personal data secure, make sure it isn’t one of the 306 million compromised codes compiled by cybersecurity advocate Troy Hunt.
As The Next Web reports, the founder and creator of Have I Been Pwned—the website that lets internet users check to see if their data has been compromised—spent several years collecting real-world passwords exposed in breaches. In August, Hunt launched a “Pwned Passwords” tool: a new, searchable database that lets members of the public type in a password they’re pondering to check if it’s been leaked.
You can browse through Pwned Passwords on Hunt's site, and the data is also available for free via download. However, make sure you don’t search a password you or someone you know is currently using. “It goes without saying (although I say it anyway on that page), but don’t enter a password you currently use into any third-party service like this!” Hunt warned in a recent blog post. “The point of the web-based service is so that people who have been guilty of using sloppy passwords have a means of independent verification that it’s … one they should no longer be using.”
Also, just because a password isn't listed as compromised doesn't mean it’s necessarily a solid choice: Skip options like “Password100” (which, FYI, isn’t indexed on the site), and instead try crafting—and checking—a security code that’s long and full of capital and lowercase letters, numbers, and symbols. (Another good option is using a password manager.)
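The downloadable data makes it possible to run the check offline, so a password never has to be typed into a third-party service. The sketch below is an added example, not code from the article or from Hunt's site. It assumes the download is a text file with one SHA-1 hex digest per line, optionally followed by `:count`; the function names and the sample file are hypothetical.

```python
import getpass
import hashlib
import os
import tempfile


def sha1_hex(password: str) -> str:
    """Uppercase SHA-1 hex digest of the UTF-8 encoded password."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def pwned_count(password: str, hash_file: str) -> int:
    """Return how often the password is listed in the local file (0 = not listed).

    Assumed line format: HASH or HASH:COUNT. A line without a count is
    treated as one occurrence. The file is streamed, so memory use stays
    constant even for a multi-gigabyte download.
    """
    target = sha1_hex(password)
    with open(hash_file, "r", encoding="ascii", errors="replace") as fh:
        for line in fh:
            digest, _, count = line.strip().partition(":")
            if digest.upper() == target:
                return int(count) if count.strip().isdigit() else 1
    return 0


def build_sample_file(passwords_with_counts) -> str:
    """Write a constructed stand-in for the downloaded file; return its path."""
    fd, path = tempfile.mkstemp(suffix=".txt")
    with os.fdopen(fd, "w", encoding="ascii") as fh:
        for pw, count in passwords_with_counts:
            suffix = f":{count}" if count else ""
            fh.write(sha1_hex(pw) + suffix + "\n")
    return path


if __name__ == "__main__":
    # Constructed sample data; point hash_file at the real download instead.
    hash_file = build_sample_file([("catsrule", 12), ("fart", 0), ("Imsotired", 3)])
    # getpass keeps the candidate out of the terminal echo and shell history.
    candidate = getpass.getpass("Password to check (not echoed): ")
    hits = pwned_count(candidate, hash_file)
    print("listed as compromised" if hits else "not in this list")
    os.remove(hash_file)
```

A result of 0 only means the password is absent from this list, not that it is strong.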
Aside from being practical, Hunt's Pwned Passwords tool also offers a fascinating glimpse into the human psyche, as many of the indexed passwords are funny, humanizing, or just plain bizarre. (“Imsotired,” “fart,” “catsrule,” and “beesperm” are just a few examples.) Try exploring it for yourself.