Ten million reasons why you should change your password


We live in an age where passwords are windows to our world. (Or did somebody say soul?) A lost one here, or even a vulnerable one, can bare you to the world, not to mention clean out your bank account.

It’s no wonder then that a question that occupies most of us is this: Should I change my password?

Apparently, it is not just a rhetorical question. It is something many of us should act upon. The Avalanche Technology Group, which runs a site with the question as its URL, counted its 10 millionth “compromised” email address and password earlier this month, after only two years monitoring compromised personal data.

“It’s scary to think that in less than two years, hackers have made more email addresses and passwords public on the Internet than the entire population of NSW,” said Shayne Tilley, commercial manager at ATG. To get even more perspective, compare that count with the population of Australia — 23 million.

“With thousands of new compromised emails and passwords being discovered every day, it’s increasingly evident that the threat from hackers is more dangerous than ever. Unfortunately, in many cases, the compromise is only discovered after it’s too late,” he added.

ShouldIchangemypassword.com is a free Australian-developed website that allows users to anonymously check if their email is secure enough to stop hackers or if it has already been hacked. It does so by aggregating “compromised” databases in a safe and reliable manner. Users can check their email address in one central spot rather than track down hacked databases often hosted in some unsavoury areas of the Internet.

A user should change his or her password as soon as it is recorded as a compromised one.

“When your email is compromised a big part of your life can be exposed. A hacker can access your Facebook or Twitter account, invade your personal emails and in some cases even reset your bank password – all within minutes,” says Kevin Yank, chief technology officer at ATG.

Yank recommends the following steps to safeguard oneself:

  • As soon as the compromise is identified you should change your password right away on every site where you use it.
  • Check for signs of someone else using any of the accounts you have registered with that email address.
  • Report anything suspicious to the authorities.
  • Finally, get serious about using a different strong password for every site and service you use because cyber criminals have sophisticated hacking technology. It is vital to set long passwords with illogical combinations of letters, numbers and symbols — for example, $hould1changemYpa$$word — and change them regularly.

ATG keeps the compromised email addresses in encrypted form, storing each with a unique ID. This ensures that not even the company’s internal team can access the list of email addresses, let alone a third party. Consequently, people can check their email address anonymously and be confident their details cannot be misused.
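
The article does not say how ATG implements this storage. As an added illustration (not ATG's code), the Python sketch below shows one way a lookup service can answer "is this address in a breach?" without keeping readable addresses: it swaps reversible encryption for a keyed hash (HMAC-SHA-256) and uses the digest as the record's unique ID. The names `BreachIndex`, `token` and `LOOKUP_KEY`, and the sample addresses, are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

# Assumption: the key lives outside the database (KMS, HSM, environment).
LOOKUP_KEY = secrets.token_bytes(32)


def normalize(email: str) -> str:
    """Canonical form so 'Bob@Example.COM ' and 'bob@example.com' match."""
    return email.strip().lower()


def token(email: str, key: bytes = LOOKUP_KEY) -> str:
    """Keyed digest stored in place of the address; doubles as record ID."""
    msg = normalize(email).encode("utf-8")
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class BreachIndex:
    """Maps keyed digests to breach labels; plaintext is never stored."""

    def __init__(self, key: bytes = LOOKUP_KEY):
        self._key = key
        self._records = {}  # digest -> set of source labels

    def ingest(self, emails, source: str) -> int:
        """Load one dump; return how many previously unseen addresses it added."""
        added = 0
        for email in emails:
            if "@" not in email:  # skip junk lines common in raw dumps
                continue
            digest = token(email, self._key)
            if digest not in self._records:
                added += 1
            self._records.setdefault(digest, set()).add(source)
        return added

    def check(self, email: str) -> list:
        """Return the sources an address appeared in (empty list if none)."""
        return sorted(self._records.get(token(email, self._key), ()))

    def stored_values(self) -> list:
        """What an insider reading the table would see."""
        return list(self._records)


if __name__ == "__main__":
    index = BreachIndex()
    index.ingest(["Alice@Example.com ", "bob@example.org"], "dump-A")  # constructed
    print(index.check("alice@example.com"), index.stored_values())
```

A keyed hash stops anyone from listing the stored addresses, but whoever holds the key can still test a guessed address, so the key has to be kept apart from the table and access to it logged.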