In the last few days, there have been repeated references to the evaluation by the Hasso Plattner Institute, which has analyzed data captured by hackers and offered publicly on the Internet. The data comes from "raids" in which hacking teams stole from Yahoo, Adobe or other companies with a lot of customer data. The reports have caught my eye a number of times, but so far you have not been able to see whether you are affected yourself. Until now…
With a public query, the HPI now gives everyone the opportunity to check whether their e-mail address has been affected by the hacks. This is done via the HPI Identity Leak Checker.
There you enter your e-mail address and then receive an evaluation by e-mail, which records whether the e-mail address was found in the data, whether the password can be found in it and whether other personal data is included. A good hint can always be found in the left-hand column, which shows which hack the data originates from.
So you know immediately on which site or at which company you should urgently change the password. By the way, a good tool for managing passwords is 1Password, which I use on my Mac. And here you can clearly see again how important it is NOT to use the same password for different services.
Since querying the tool is free of charge, I can only recommend that you test whether your e-mail address and password may have been stolen in one hack or another.
I wanted to briefly add a conversation I had with a reader. He asked me a few things about 1Password:
[…] You mentioned that you have been working with the MacApp "1Password" and have done very well with it so far. I have 1Password on my iOS devices - but haven't really used it yet as I'm afraid someone might find out the master password and then have access to all the stored passwords. After all, I can't keep this password completely secret. For example, in the event that something should happen to me, at least my wife, parents, etc. should have this password. Or what if "1Password" should be hacked - what then???
Are my fears mentioned above unfounded - how do you see it or how do you deal with it?
Hello Jan! Your thoughts are definitely well founded! I have 1Password on the Mac because at some point I noticed that I kept using the same password for different services (out of laziness) and this is extremely dangerous. With 1Password I have a database that stores all passwords and logins in encrypted form. The app itself, in turn, is protected with a master password (and here you should use a good one and not "123password").
You will never have 100% security, but this way the logins are better stored than on a slip of paper under the keyboard. And if someone wants to access 1Password, they first have to get past the lock on your iPhone, iPad or the login on your Mac AND then the password of 1Password. I think that is very unlikely. More often it happens that services like Dropbox, Adobe or others are hacked themselves. Hacking the 1Password service is unlikely because your password data does not leave your computer unencrypted. For the sync, the data is encrypted, sent to the cloud and then decrypted on your other device using your master password. Without this password, the hacker has nothing but garbage.
And if you want to leave the master password and your login for the iOS device for your family, then do so in a way that an unauthorized person cannot understand. Create an address book entry with a fictitious address for "Tante Trudel", where the phone number or post code and PLACE is your password. Your family knows, and someone else might think it's a normal address entry. ;-)
And a tip for Mac users: I encrypted my startup volume with FileVault (integrated in macOS). This means that an unauthorized person - even if he removes the hard drive and connects it to another computer - only sees garbage data. The operating system decrypts the data "on the fly" only after logging in. Apple shows how this is set up here on the Help page for FileVault.
With iOS devices you don't have to encrypt anything, since iOS manages the data in the memory in encrypted form. With iPhone and Co., it is more important that you use two-factor authentication (here is the Apple help) and have chosen a good PIN (please not 4 digits but at least 6, otherwise it is too easy to guess by trial and error).
Jens has been running the blog since 2012. He appears as Sir Apfelot for his readers and helps them with problems of a technical nature. In his free time he drives electric unicycles, takes photos (preferably with his iPhone, of course), climbs around in the Hessian mountains or hikes with the family. His articles deal with Apple products, news from the world of drones or solutions for current bugs.