Is Your Password on the Dark Web? Maybe.

[Screenshot: Doxbin]

For the record – the site above isn’t the current Doxbin address, but I wanted to give people a general idea of what it looked like. Nonetheless, there’s still a Doxbin Twitter account, @_DoxBin_, which is affiliated with Gray Hat Forums, apparently.

[Screenshot: Doxbin Twitter account]

I’m sharing this because my broader topic is data leaks and password managers. First of all, no password appears to be 100% safe, but you’re better off if you use a good one. If you look at one of the lists of “most common passwords,” according to this article in The Telegraph, they tend to include ones like this:

12345

123456

qwerty

google

starwars

And so on. I hate to admit it, but when I first “joined” the interwebs back in 1994, I was guilty of having some passwords like these. I’ve since learned that you need to up your security.

One of the reasons that I wanted to tell you about this, my loyal readers, was that I was recently looking at the sites Has my email been hacked? and Have I been pwned?. In the process, I found a disturbing trend: just by looking at the types of sites that someone had login credentials for, you could really tell a lot about their personal life.

[Screenshot: Has my email been hacked?]

[Screenshot: Have I been pwned?]

For example, I typed in a “made up” email address onto the first site (which turned out to be a real one), and some of the results included Badoo, neopets.com, lookbook.nu, and mate1.com.

Anyhow, I think that to avoid this, it would be best to use a good password manager, particularly one that can keep your passwords offline – and therefore not exposed to a breach of somebody else’s servers. Also, I tend to randomly generate my passwords using the Diceware method, which fellow WordPress author W. Smith talks about in Unique usernames with diceware.

In a nutshell, you roll dice to come up with a combination of words (and numbers, if you like), which then becomes your password (or “passphrase”). Password managers, on the other hand, do this for you with a built-in generator.
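To make the Diceware idea concrete, here is an added example (my own code, not W. Smith’s or the Diceware project’s): five rolls of a die form a key like “41526”, which indexes one of 6^5 = 7776 words, and the passphrase’s entropy is just the number of words times log2(7776). It assumes a constructed placeholder word list in place of the real 7776-word list, and draws rolls from the `secrets` module rather than a plain `random` call.

```python
import math
import secrets

# Diceware maps five dice rolls (each 1..6) to one of 6**5 = 7776 words.
DICE_PER_WORD = 5
LIST_SIZE = 6 ** DICE_PER_WORD

# Constructed placeholder list: a real Diceware list has 7776 distinct words.
# Swap in the official list for actual use; the indexing below is the same.
SAMPLE_WORDLIST = [f"word{i:04d}" for i in range(LIST_SIZE)]


def roll_key(n_dice=DICE_PER_WORD):
    """Return a Diceware key such as '41526' from a CSPRNG (never random.random())."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(n_dice))


def key_to_index(key):
    """Convert a dice key to a 0-based list index (base 6 with digits 1..6)."""
    if len(key) != DICE_PER_WORD or any(c not in "123456" for c in key):
        raise ValueError(f"invalid Diceware key: {key!r}")
    index = 0
    for c in key:
        index = index * 6 + (int(c) - 1)
    return index


def diceware_passphrase(wordlist, n_words=6, separator=" "):
    """Roll a fresh key for each word and join the chosen words into a passphrase."""
    if len(wordlist) != LIST_SIZE:
        raise ValueError("word list must contain exactly 7776 entries")
    return separator.join(wordlist[key_to_index(roll_key())] for _ in range(n_words))


def entropy_bits(n_words, list_size=LIST_SIZE):
    """Entropy of a passphrase drawn uniformly from list_size**n_words possibilities."""
    return n_words * math.log2(list_size)


if __name__ == "__main__":
    print(diceware_passphrase(SAMPLE_WORDLIST))
    print(f"six words give about {entropy_bits(6):.1f} bits of entropy")
```

Six words from the full list come to roughly 77.5 bits, which is why the method holds up even though every word is public.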

One of the ones that I like is KeePass, which locks your passwords in a database and encrypts them with the algorithms AES and Twofish, which are considered to be some of the best at present.

[Screenshot: KeePass]

KeePass, unlike some other password managers, does not store your passwords in a cloud. Also, its complete database is encrypted (including your usernames and other info, not just the passwords). Oh, and did I mention that it’s open source? Open source = good.

To see more of its features, check out Features – KeePass. And no, I don’t work for them, so this isn’t an official endorsement.

Another password manager that I’ve been testing out is bitwarden, which, I am pleased to note, is 100% FOSS. bitwarden offers a browser extension for all major browsers, including Tor, and a mobile app.

[Screenshot: bitwarden menu]

The downside, compared to KeePass, is that bitwarden only supports storing passwords in a cloud (as opposed to offline), which has the potential to be a security threat. However, it does allow 2FA, and the vault is encrypted with a key derived from your master password (just as KeePass does), so the provider itself can’t read it.

An IRC buddy of mine by the name of Sheogorath does a good comparison of four different password managers here: Password safes – LastPass vs. Bitwarden vs. Keepass vs. Pass. Compare them all for yourself and decide! (By the way, if he’s into anything criminal, I’m not responsible.)

All that said, though it may seem like a pain to have to go through all of these steps, I think it’s better than having your password end up on Doxbin (or somewhere worse). Right?
