• How to see my password found in a data breach

    Home » Forums » Cyber Security Information and Advisories » Cyber Security for Home Users » How to see my password found in a data breach

    Author
    Topic
    Snoopdon
    AskWoody Plus
    January 16, 2022 at 5:40 pm #2418711

    I use a service of H&R Block called Tax Identity Shield. From time to time then send me email notifications of alerts if accounts I have registered with that service are found in data breaches. Sometimes the breach occurred several years ago but was just discovered and sometimes the breach occurred recently. Most of the time the alert indicates that my email address was found and most of the time it says the password was found. I don’t think this means the password for my email account was in the breach but rather some account for which I used my email address as the user name was found. See attachment 1. Next to “PASSWORD FOUND” there is a little circle with a lower case i in it. If you click that you see the message shown in attachment 2. I understand the logic of not showing my password but on the other hand if I were able to see the password, I could search for it in my password file and if I find it I know for sure I want to change that password. I have about 400 entries in my password file and most of them use my email address as the user name. It is not practical to change the password for all those accounts every time I get one of these alerts. My password file prompts me to change passwords once a year and even that is a daunting task. Does anyone know if there is a service that would allow one to see the password that was found in a data breach by entering your email address and then receiving an email from the service and click a link in that email?

    Tax-Identity-Shield-Notification-1

    Tax-Identity-Shield-Notification-2

    Thanks,
    Don

    1 user thanked author for this post.
    Fred
    Reply | Quote
    Viewing 1 reply thread
    Author
    Replies
    • anonymous
      Guest
      January 16, 2022 at 9:22 pm #2418723

      Not sure if this is what you’re looking for, but check out these two sites for email and password breach confirmations:

      https://haveibeenpwned.com

      https://haveibeenpwned.com/Passwords

      HTH/Chuck

      Reply | Quote
      • Snoopdon
        AskWoody Plus
        January 17, 2022 at 3:03 pm #2418960

        I tried the second link provided by anonymous but the file I downloaded is a Torrent file and 7zip doesn’t open it. Doing a search on the web it says I need to install an app like uTorrent. Is that correct? I have never used Torrent files before. All I know about them is one of my coworkers at my last job used Bit Torrent to download pirated copies of movies, which I have never done.

        Don

        Reply | Quote
        • Paul T
          AskWoody MVP
          January 18, 2022 at 3:32 am #2419083

          The second link is a site where you enter your password and it will be checked for you. No need to download the data file.
          Passwords you enter are not sent to HIBP – see this post.

          cheers, Paul

          Reply | Quote
          • Snoopdon
            AskWoody Plus
            January 18, 2022 at 11:33 pm #2419270

            Damn, I forgot to log in before my last reply. Hopefully the moderator will post my reply under my login, Snoopdon.

            Reply | Quote
          • anonymous
            Guest
            January 18, 2022 at 11:35 pm #2419268

            I have over 400 accounts. Entering my password for each account into this web page would take me days or weeks. If I can download the file and run an algorithm to compare it to my password file to find matches that would be much more efficient. Can someone just answer my question instead of giving answers I didn’t ask for?

            Thanks,
            Don

            Reply | Quote
    • Paul T
      AskWoody MVP
      January 17, 2022 at 1:20 am #2418735

      I see no value in changing your passwords regularly. Change one if it has been compromised.

      Use long and strong passwords that are unique for each site. Then any compromise will not affect your other logins.

      It is also worth using email aliases instead of your actual email in an attempt to limit spam. I use e4ward for mine, but very occasionally some (clever) website programmers “verify” the email address and refuse to accept it – probably because it has 2 dots in it (anon@you [dot] e4ward [dot] com).

      cheers, Paul

      1 user thanked author for this post.
      wavy
      Reply | Quote
      • wavy
        AskWoody Plus
        January 17, 2022 at 12:58 pm #2418907
        Paul T wrote:

        e4ward

        very interesting service thanks Paul

        🍻

        Just because you don't know where you are going doesn't mean any road will get you there.
        Reply | Quote
    Viewing 1 reply thread
    Reply To: How to see my password found in a data breach

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information:




DON'T MISS OUT!
Subscribe to the Free Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address

View the Forum

  • Recent Replies
  • My Replies
  • My Active Topics
  • New Posts in the Last day
  • Private Messages
  • Knowledge Base
  • How to use the Forums
  • All Forums

    • Recent Topics

    My Profile

    May 2025
    S M T W T F S
     123
    45678910
    11121314151617
    18192021222324
    25262728293031

    Remembering Woody

     

    Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.

    Mastodon profile for DefConPatch
    Mastodon profile for AskWoody

     

    Home About FAQ Posts & Privacy Forums My Account
    Register Free Newsletter Plus Membership Gift Certificates MS-DEFCON Alerts

    Copyright ©2004-2025 by AskWoody Tech LLC. All Rights Reserved.