Anonymously search Have I Been Pwned to see if a password has been compromised.
Have I Been Pwned may be offline (as of 7:50 pm). Your search may be unsuccessful.
- How does it work?
PasswordCheck creates a unique combination of letter and numbers from the password that you type into the password field. When you press Search, that string (not your password) is sent to an A-B Tech server. The server sends the first part of that string to the "Have I Been Pwned" Passwords Search which sends back a list of all the strings that start with the same part. If your password's string is in that list, your password may be compromised.
- PasswordCheck says my password was not found. Is it safe to use?
Probably, so long as it is not common or guessable enough that someone may be able to figure it out. For instance, "A-BTech#1!" is not in the database, but it may be something that an attacker can guess. Please review the password guidelines on the Account Security page on the A-B Tech website.
- PasswordCheck says my password was found. Should I not use it?
You should not use that password. Unless it is a common password, it is likely that an account of yours has been compromised. You may be able to find more information by searching for your email addresses and usernames on the "Have I Been Pwned?" Front Page. If you have never used that password before, then you should avoid using it now. Using a password that was found at Have I Been Pwned puts your account at risk.
- What else should I do?
- Use multifactor authentication (MFA) wherever possible to protect your accounts from a stolen password. At A-B Tech, employees must register for MFA. If you are a student, after you add security information to your account, you are encouraged to enable MFA.
- Sign up for notifications from Have I Been Pwned. If your email address is found in a data breach, Have I Been Pwned will send you an email to let you know.
- What is Have I Been Pwned?
Have I Been Pwned is a project by security expert Troy Hunt, who created the site as a free service for anyone to see if their email addresses or passwords have been affected by a data breach. Have I Been Pwned has a database of over 600 million real-world passwords gathered from hundreds of data breaches; if your password is found there, then an account of yours may have been compromised.
- What does "SHA-1 hash" mean?
SHA stands for "Secure Hash Algorithm". SHA-1 is a version of SHA. PasswordCheck takes whatever you type into the password field and creates a seemingly-random combination of 40 letters and numbers called a hash. Your password's hash will always be the same, and changing the password in even the smallest way will result in a completely different hash. There is no known way to reverse a hash to get its original password, but if you know the hash of "A-BTech#1!" and it matches the hash of an unknown password, then the unknown password is "A-BTech#1!".