CISO Perspective: How to Perform a Password Health Check


How safe are my passwords? How do I know if my passwords have been leaked?

These are questions I get asked a lot.

More and more hackers are using leaked passwords to log in to websites and apps that you use. They may make purchases, or they may sell the information they gather on the dark web or to scammers.

Leaked passwords can be a gold mine for hackers and scammers alike. Before you know it, your information is out there on the internet, and it's difficult, if not impossible, to reverse the damage.

What action can you take to protect yourself? Take time out of your busy schedule to perform a password health check!

First ask yourself a few questions:

  1. Do I use the same password on multiple websites and apps, such as social media, online shopping, and financial accounts?
  2. Have I changed these passwords on all the sites and apps I use within the last 6 months?
  3. Do I save my passwords in my browser or app for later use?
  4. Am I using multifactor authentication whenever possible?
  5. Have I looked to see if my passwords have been leaked?

One easy way to see if your passwords or other information have been compromised is to check https://haveibeenpwned.com/. Here you can enter your email or phone number and see if your data has been leaked in a data breach.

If you are an iPhone or iPad user, head over to Settings -> Passwords -> Security Recommendations -> Detect Compromised Passwords. If you do not have this feature turned on, simply tap the slider to enable it. You may be surprised by what you find. If your passwords have been compromised, take immediate action and change them.

If you are like me, you probably have a multitude of passwords. Keeping track of them and remembering them can be a challenge! One very good option is to use a password manager. There are many commercially available password management solutions, such as LastPass, Dashlane, 1Password or Bitwarden. Instead of having to remember many complex passwords, you only need to remember one!

Set a reminder to check your password health frequently and try out a password manager. This could save you from falling victim to fraud and identity theft, which is almost impossible to reverse.

That’s a CISO Perspective.


Read our financial resources from your friends at WSFS.