With the number of data breaches each year, it can be difficult to understand if your perfect password is still secure. Even if you follow security practices and make a strong and unique password for each account, a breached password is still out there in the wild. That’s why it’s vital to periodically use a free tool to check if your passwords have been compromised.

Leading security researcher Troy Hunt’s Have I Been Pwned is one of the go-to sites for checking if your password is out in the wild. It’s a comprehensive database of emails and passwords found in data breaches from around the world.

At the time of writing, Have I Been Pwned holds information on 882 websites with just shy of 15 billion accounts. Now, there is some overlap, as some of the major data breaches of recent years have been rehashes of others (where scammers combine major breach lists).

Still, it’s a great tool to check if your account information has been breached. Pop your email address into the search bar and press pwned? to check if it shows up. If it does, check the breach the account appeared in (they appear below the search), then head there and change your password immediately.

While you’re there, don’t forget to sign up for notifications of future breaches involving your email address, too.

Enzoic works in reverse from Have I Been Pwned. Instead of checking your email against a massive database, it checks your password instead.

Handily, Enzoic’s password-checking tool also shows you if your prospective password is strong using a visual guide. If it’s compromised, the checker will inform you straight away. I tried the dreaded 123456 password, which it immediately flagged, as did the other weak options I tried.

Related

My Friends Still Use “123456” Passwords—Here’s How I Finally Got Them to Stop

Pushing your friends and family to up their password game is the right thing to do.

On the security side, Enzoic states that your “Password will be sent securely to our server to check if it’s compromised,” and it doesn’t store your passwords.

4

Google Password Checkup

Now, did you know that Google Chrome’s integrated password manager has a compromised password checker tool?

It’s incredibly simple to use. In Chrome, head to Settings > Password & Autofill > Google Password Manager. Then, select Check Passwords.

Chrome will reveal any compromised, reused, and weak passwords, showing you exactly which passwords you need to act on immediately.

Related

This One Tiny Change Makes Accessing My Google Passwords Much Easier

It’s also easy to manage the passwords stored in multiple Google accounts.

3

Apple iCloud Keychain Password Monitoring

Those using Apple iCloud Keychain can use a similar process to check any stored passwords across devices linked to your iCloud account. It’s a similar process to Chrome’s password checkup tool, in that it lists Compromised Passwords in a specific section. From there, you can change any compromised or weak passwords.

How you access Keychain’s password monitoring varies depending on the Apple device you’re using.

• iOS/iPadOS: Head to Settings > Passwords > Security Recommendations.
• macOS: Head to System Settings > Passwords > Security Recommendations.
• Safari: Open Settings > Passwords.

In all cases, you’ll need to make sure Detect Compromised Passwords is enabled. Once enabled, Keychain will automatically detect compromised passwords and alert you to any issues.

2

Check Your Password Manager

I’ve listed this last because not everyone uses a password manager, though everyone absolutely should be, especially as most of the best password managers are free.

I’m not going to attempt to detail how to track down compromised passwords in every password manager; that’s overkill for this article. But a quick internet search for “[password manager name] check compromised passwords” should guide you in the right direction.

Given that password managers create a strong and unique password for each account, you shouldn’t find too many problems. However, it’s always worth checking, especially if there has been a major data breach.

As said, even if you have a unique password, once it’s breached, it still needs changing.

1

Check Your Antivirus Suite

Now, many folks, including myself, rely on my operating system’s built-in security suite. But those with a third-party solution installed may also have a password checker installed as part of the security suite. For example, Kaspersky, Norton, Bitdefender, and other major antivirus tools all have integrated password managers and password checker tools.

So, if you have a third-party antivirus tool installed, check it out.

A stolen or breached password is infuriating and dangerous, especially if you don’t know where to start looking. However, with these tools, you can quickly identify any compromised passwords and start replacing them with much stronger and more unique options. And best of all, all of these options are completely free, because great security shouldn’t cost you heaps of cash!