Passwords secured? Here's a celebration with confetti.
Revamped Have I Been Pwned 2.0 Enhances Data Security for Users
Berlin (dpa/tmn) - Cybersecurity expert Troy Hunt has revamped the popular website "Have I Been Pwned" with a plethora of new additions and improvements, designed to bolster users' data security.
In a bid to incentivize users to prioritize their data protection, the website now showers confetti across the screen to celebrate users when their entered email address has not been compromised in hacker attacks or data leaks. This positive result is accentuated with a green frame.
On the contrary, hits in the database are marked with a red frame. A unique feature to the updated display is the timeline, which presents the month and year of each respective leak from multiple hits on a single email address. This feature allows users to scroll through the leak events in reverse chronological order for thorough understanding of their data exposure history.
Searching for usernames and phone numbers is no longer an option on the query page; the database can only be searched using email addresses.
To find more details about a leak, users can click on the "View Details" button located underneath each timeline event, which will open a window with a detailed description of the security incident, including when and how the data was compromised. Additionally, basic data is displayed to provide a comprehensive scope understanding, as well as a risk classification and a list of compromised data categories.
Regularly checking the query for one's email addresses becomes crucial, considering new data sets frequently appear in leaks or hacks online. To supplement "Have I Been Pwned", the Identity Leak Checker from the Hasso Plattner Institute (HPI) can also be utilized. The checker relies on a similar database containing countless leaked identity data.
If queries result in hits, the burned password associated with the respective service should be replaced with a new, secure password at the earliest convenience. It is highly recommended to employ a unique password for each service to minimize potential risks.
Because it is nearly impossible to remember dozens of complex passwords, the Federal Office for Information Security (BSI) advocates the use of password managers. Alternatively, users can achieve a safer online experience with the help of a password notebook, as explained on the BSI's website.
Two-factor authentication should be activated wherever it is available, as it adds an additional layer of security, making it more challenging for attackers to gain access to the respective account, even if they have obtained the password. Users may also gradually switch to Passkeys, a passwordless login method using a cryptographic key pair, for heightened security.
Passkeys can be stored on a security USB stick (FIDO2), in a (mobile) operating system like Android, iOS/MacOS, or Windows, or in a compatible password manager. Utilizing a password manager provides a universal and independent solution.
Enrichment DataOverall: Have I Been Pwned 2.0 introduced a myriad of enhancements and improvements, featuring: - A streamlined, user-friendly website design - A consolidated dashboard for accessing essential features - Improved search performance for quick results - Elimination of rare-use features (user names and phone number searches) - Data breach timelines for historical context - Detailed breach pages with robust, user-specific information - Advanced security measures using Cloudflare's Turnstile - Virtual confetti as visual feedback for clean records - Future plans for passkey support and country-specific data expansionHow the Timeline of Leak Events for an Account Works: When a user searches an email, the updated website shows data breaches in a chronological timeline format. This timeline offers several benefits, including: - Tracking the sequence and timing of each incident affecting the user's data - Gaining valuable insights into their exposure to data breaches over time - Accessing dedicated breach pages for in-depth understanding and recommended security actions
Cybersecurity technology plays a crucial role in the revamped Have I Been Pwned 2.0, as it employs various improvements to bolster users' data security.
One such technology implementated is the use of Cloudflare's Turnstile, an advanced security measure designed to protect user accounts from unauthorized access.
