Do you know if your email password is leaked?

Password security

Do you know if your email password is leaked?

  • Have you protected all the devices using your email for viruses and malware?
  • Do you always use a different password for every service you subscribe to?
  • Do you remember that specific service you registered with four years ago?
  • Do you change your password regularly?

In case you answer “no” to any of the above questions, there is a good chance that your email account might be leaked and compromised. What is worse is that you might never know of it until the damage is done.

What can happen if an email account is compromised?

When an email account has been compromised a hacker has gained access to all emails on the account. The hacker could use the account to send out spam or download your contacts. To avoid this, One.com monitors outgoing email and looks for surges and abnormal behaviour. Based on these results or on reports from our peers, we suspend any compromised email accounts for security reasons.

Besides your email account, a hacker could also gain access to third-party services where you have used your email to sign up.  By using the “I forgot my password”-function, the hacker could gain access to, for example, your control panel.

When a compromised account needs to be suspended, it can be a major inconvenience for the email user affected, even though the suspension is done to protect the integrity of the account as well as to protect others from getting impacted by spam.

What is One.com doing to prevent this?

Besides the fact that you should make sure to have a secure password and protect your devices from virus and malware, One.com is there to help you. We try to prevent hacks by checking Webmail passwords against a list of known-to-be-leaked passwords. If your password is on this list, we will let you know so you can change it before someone can gain access to your email account.

The data used in these checks are anonymised versions of password-dictionaries. We get these lists from a service called haveibeenpwned.com. The service is free and monitors the internet for copies of password lists and incorporates this information into a service for individuals or organisations to use to improve online security.

We will let you know if your password is compromised!

If our automated routine check finds your password on the lists of known-to-be-leaked passwords, we can be sure that it has been leaked and is known by at least one person who shouldn’t know about it. Therefore, once you log in to Webmail you will see a modal informing you to change your password.

We are proud of the leaked password checks and believe that it creates a far more secure and stable service for our customers.

Troy Hunt, the inventor of haveibeenpwned, writes more about real-world examples of using haveibeenpwned.com on his blog.

Comments