Cybersecurity and the Value of haveibeenpwned.com

Just a short note to potentially save a big headache:

Haveibeenpwned.com is a site that tracks if your email has been found to be on lists of known hacked databases. This can be very useful in preventing a person from hacking into your other sites using the same username and password.

When you type in your email address, haveibeenpwned.com will return a list of all of the known hacks that include your email.  If you have the habit of sometimes re-using the same password for different sites, this means that a person using the same username and password might be able to gain access using the hacked information.

To prevent this from occurring, it is good practice to use different passwords for each application, so if one is hacked, at least the others cannot easily be accessed using the same information.  This is especially true for any sites that may contain very personal data (e.g. medical, financial, etc).  Also, if your email does show up on the haveibeenpwned.com site, review any accounts that use the same email for the username and make sure the passwords are different.

Of course, if you follow good practice and use unique complex passwords that you change periodically, compromise of one password will be less likely to have an impact on others.  Two factor authentication is also very useful in this regard as it provides an extra barrier to access.