Every time there’s a data breach at a company or service where you do business, there’s a chance that the bad guys will reverse engineer your password. And once they do that, they will almost surely try to use that email and password combination to log into dozens of other sites – a hacking technique called credential stuffing. And why do they do this? Because they know most people reuse the same password over and over again. Troy Hunt has created a free service called “Have I Been Pwned” that collects information from all of these breaches so that we can find out whether our email address has been included in any of these hacks.
I originally interviewed Troy over a year ago on the topic of database breaches and how to protect yourself against them, and sadly this is just as relevant today as it was then. So I brought this back as an encore performance!
Troy Hunt is an Australian Microsoft Regional Director and Microsoft Most Valuable Professional for Developer Security. You’ll regularly find Troy in the press talking about security and even testifying before US Congress on the impact of data breaches.
- Ethics of running a data breach search service: https://www.troyhunt.com/the-ethics-of-running-a-data-breach-search-service/
- Authentication evolved: https://www.troyhunt.com/passwords-evolved-authentication-guidance-for-the-modern-era/