Has your password been hacked too?

Arne Arnold & Thorsten Eggeling

Stolen log-in data turns up on the Internet again and again. Use the exclusive PC-WELT tool Password Check to check whether your log-in is included. We also give you the best tips for emergencies.

[Image: Breachalarm tells you whether you should change your password]

Log-in data usually consists of your email address and a password. If these are stolen, the data associated with that service is at risk. It becomes particularly dangerous when hackers have access to your mailbox, because then they can have the passwords for almost all your other online services sent to them using the "reset password" function. The real trouble starts when you use the same password for multiple log-ins, because then a hacker can break into not only the online service whose log-in data he has stolen, but also all the other services.

Background: It's so easy for hackers to get hold of your passwords

Your passwords get into the hands of hackers in two main ways: through malicious code and through successful breaches of online databases.

The smaller danger comes from keyloggers. These are malicious programs that settle on your PC, log the log-in data of sensitive services such as your mailbox or your online banking, and send it to the criminal behind the keylogger. Many of these malware programs can also read out the passwords stored in the browser.

Why are such keyloggers the lesser danger? Because you can protect yourself against them very well. Good antivirus software blocks a large part of the malware. If you also regularly install all available updates for Windows and the installed applications, the keyloggers will not find a way past the antivirus program.

The greater danger comes from hackers attacking the services you have an account with. The criminals gain direct access to the databases of online services such as Dropbox or Yahoo. The intruders always end up with the e-mail addresses, i.e. the user names. In addition to a lot of other personal data, they can often also access the users' passwords. Most of these are encrypted, but in many cases the encryption is so weak that it can be cracked easily. And even better-encrypted passwords can be decoded if they are short and simple passwords such as “test” or “123456”. Particularly successful thefts in recent years have included the following:

In recent years, online services have repeatedly fallen victim to hacker attacks. In 2011, for example, 34.7 million customer records are said to have been stolen from the dating platform www.eharmony.com. The records also include the passwords. These are protected by the SHA1 hash method, but this has been considered unsafe since 2015 at the latest. The LinkedIn network lost around 117 million data records in 2012. The bitter thing about it: LinkedIn did not officially notice the extent of the theft until 2016 and only then asked its users to change their passwords.

More than 152 million records were stolen from software specialist Adobe. That was in 2013. Adobe had encrypted the passwords in the data records, but so badly that many passwords could be decrypted. 145 million records were stolen from Ebay users in 2014. The passwords are encrypted. But simple, i.e. short and less complex passwords can also be reconstructed in this case. 500 million data records were discovered on the Internet by specialists at the Federal Criminal Police Office in July 2017. The data comes from various hacker attacks and was collected over the past few years.

In 2018, personal data including email addresses and MD5 / Bcrypt-encrypted passwords of the photo community web.500px.com got into the hands of unauthorized persons. In 2019, the 15 million data records were offered for sale on the dark web. The social media website Knuddels was also the victim of a break-in in 2018. This affected the data of more than 800,000 accounts.

This list is far from complete. It is only intended to illustrate the magnitude of the hacker attacks.

How to test for password theft

There are several services on the internet that hold stolen records and let you check whether your data is among them. The services obtained the datasets from underground forums and other sources. For the test you are of course not forced to enter your password; your email address is sufficient. In some services, and also in our PC-WELT Password Check tool, you can additionally enter passwords. Basically, you proceed as follows with our tool and the Internet services:

  • Step 1: Enter your email address in our PC-WELT tool password check or in one of the services listed below.

  • Step 2: Wait for the result. This will be displayed to you immediately in our tool and on some websites. Some services will send you the result by email.

  • Step 3: In PC-WELT Password Check, select the option “Check password”, enter a password and click on “Start test”. The password is not sent in clear text to https://haveibeenpwned.com for verification, but as a hash value. This hash value is then compared with the hash values of the stolen data records. If they match, you will receive the message "The password is in one of the databases". Do not use the password any more.

  • Step 4: If your data is saved in the database, then change the password for the reported service. If you have used the same password for other services, change your password there as well. You don't have to change your email address.

  • Step 5: Make the account more secure and enable two-factor login if the service supports it.

  • Step 6: It is worth routinely changing the password every few weeks or months for important services. This is also worthwhile if the PC-WELT password check has not found an entry.
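
How a password check of the kind described in step 3 can compare hash values without revealing the password, as an added example (not PC-WELT's code): it follows the public Pwned Passwords range API of haveibeenpwned.com, where only the first five characters of the SHA-1 hash are sent and the comparison happens on your own machine. The sample response, its counts and the function names are constructed for illustration.

```python
import hashlib

# Constructed sample of a range response for prefix 5BAA6 (format SUFFIX:COUNT).
# The counts are made up; the first suffix belongs to the SHA-1 of "password".
SAMPLE_RANGE_RESPONSE = (
    "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3730471\r\n"
    "0018A45C4D1DEF81644B54AB7F969B88D65:0\r\n"   # padding entry, count 0
    "011053FD0102E94D6AE2F8B83D76FAF94F6:12\r\n"
)

def split_hash(password):
    """Return (prefix, suffix) of the upper-case SHA-1 hex digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def breach_count(password, range_response):
    """Look up the suffix locally in the response for this password's prefix."""
    _, suffix = split_hash(password)
    for line in range_response.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix and count.isdigit():
            return int(count)   # 0 marks a padding entry, i.e. not breached
    return 0

def fetch_range(prefix):
    """Live query; only the 5-character prefix leaves the machine."""
    import urllib.request
    req = urllib.request.Request(
        "https://api.pwnedpasswords.com/range/" + prefix,
        headers={"User-Agent": "password-check-example", "Add-Padding": "true"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")

if __name__ == "__main__":
    prefix, _ = split_hash("password")
    # Offline demo against the constructed response; swap in fetch_range(prefix)
    # to query the live service instead.
    print(prefix, breach_count("password", SAMPLE_RANGE_RESPONSE))
```

A result greater than zero means the password appears in the stolen records and should no longer be used anywhere.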

[Image: With the PC-WELT password check tool, you can check whether your e-mail address or password is contained in stolen data records.]

Check your log-in data for these services

[Image: With "Watchdog", Breach Alarm offers a function in which you can store your email address.]

Hasso Plattner Institute: This service offers a database query at https://sec.hpi.de/leak-checker/search that can access almost 10 billion data records. The site is in German. After entering your e-mail address and clicking on "Check e-mail address", you will receive the result of the query by e-mail.

On the site it is worth taking a look under "Statistics". Among other things, you can find out what the ten most common passwords are. Of course, you shouldn't take these as a model. Places 1 to 3 are occupied by: 123456, 123456789 and 111111.

Have I been Pwned: The site https://haveibeenpwned.com has almost 8 billion log-ins. The database is also behind our PC-WELT password check tool.

Breach alarm: The database at https://breachalarm.com knows around 850 million log-in records, which is comparatively few. Nevertheless, a visit to the site is worthwhile, because you can store your email address there free of charge and have it monitored for data theft. You will be informed if this address appears on the Internet together with your login data. If you want to have more than one email address monitored, you have to pay (from 10 dollars per year). The service is called Watchdog; you can find it at https://breachalarm.com/watchdog.

Recommended password manager for added security

If you have to manage more than a handful of log-ins, you can't avoid a password manager, because every log-in absolutely needs its own password. And each of these passwords should be as long and as complicated as possible. But hardly any user can remember them all. Password managers help here, as they usually also fill out the log-in fields in browsers and apps.

Recommended password managers are Keepass