logo from website called have I been owned, spelled with a p

Last week we received two ransom emails telling us the sender had one of our passwords. And if we didn't want them to use it, to send them $1,900. Within 24 hours. Fortunately, we were able to respond with a 2-word phrase that we won't repeat here.

We had the luxury of responding that way, because the sender had a really old password of ours, before we were smart enough to use "strong" passwords. But let our experience be a warning to you to change your simple passwords to ones that are more complex. Today. Before you get the same email.

To go through this process, there are two websites that are really helpful, which you should go to:

First, a website that tells you how vulnerable your passwords are.

We found this very cool website called How Secure Is My Password, where you key in your password and it tells you how long it takes a desktop "password hacking program" to decipher your passwords. (Which we know, is different from your passwords being stolen. But this is still a really good way to go.) You'll  be amazed at just how quickly passwords can be deciphered.

However, we're total geeks about this, and shoot to get passwords that would take a ridiculously long time to crack (as you can see from the screenshot below).

screenshot from how secure is my password website

Second, a website that shows you which websites your passwords have been stolen from.

The website "have i been pwned" shows you which websites you have accounts on that have been hacked, and most likely, your passwords stolen. See the results from our search on the site here.

Four notes of interest about this website:
  1. The reason we know the "have i been pwned" website is safe, is because a good friend of ours, an IT geek (shout out to Hamilton!), showed us. And to show us how it worked, he put his own email in the website. Hamilton is also the one who suggested how we respond to the scammers.
  2. You don't have to put in a password to use the "have i been pwned" website, just your email address.
  3. The reason the site is called "have i been pwned" is because of gamers. (Which had to be explained to us by Hamilton). Evidently, when a gamer types "you've been owned," it often comes out as "you've been pwned," because when they type fast, they have typos (as we all do).
  4. According to Wikipedia, in 2013, the site was created by security expert Troy Hunt. And according to Wikipedia, as of November 2017, the "have i been pwned" site gets about 60,000 visitors every day! It also has over 1.7 million active email subscribers, and evidently, contains records of almost 5,000,000,000 (that's billion) user accounts.

screen shot from have I been owned website relating to passwords being stolen

If you want to know more

Check out the article "How to Check if Your Password Has Been Stolen" here.

We read stories with distressing regularity about hacks of major companies which compromise our personal information and passwords. When we read them we get upset, but we also know we have to change our passwords on those sites right away.

Naturally, for ease of remembering our passwords, many of us use the same ones for different websites. But when Uber, EBay, Verizon, The U.S. Securities and Exchange Commission (SEC) and Equifax (in our opinion: the worst offender!) get hacked, and our personal information and passwords are stolen, it's just a matter of time before you get a ransom email, like we received last week. Twice. From two different scammers.

Lesson learned.