Email checker - see if your email has been compromised

By Steve.Richardson : Administrator
Published 20th December 2018 | Last comment 14th October 2019
Comments

Hi Rebecca,

Without sounding too stupid here, what can you actually do about the 'breaches'? Just reset all your passwords just in case? Feels a little extreme. I mean there must be hundreds and I could easily miss the right one....
 

What you can do is have a strong password. Since most trustworthy companies store customers' passwords hashed and salted, having a strong password exponentially increases the time needed for a hacker to reverse the hash to get your password. So even if there is a breach, they will just have a hash of your password (which is practically useless).


Aft3rmath

That's the problem isn't it, you have to store all these passwords somewhere! and then remember the password for that storage....
 

Well, actually no. Have you heard about stateless password generators (managers)?

They use a different approach. Nobody stores the passwords.

How it works is that they have a hash function which uses some user input (login, website address) with a master password (the only password you need to remember). The output of the function is a cryptographically secure password. If you change any variable, the output changes. But as long as the input stays the same, the output is the same too.

So, basically, when you need a password, you just get to the app or a website of a generator (most of them work offline as well), input all your data and get a password.

These generators have some good points (they are free; you don't have to trust anyone to store passwords for you; they don't depend on any physical file, so they are practically available 24/7 from any device) and cons as well (which are well highlighted here).

Anyway, I think these tools are much better than using no tools at all.

I can personally recommend Getpass as an example of a stateless password generator, because I had the pleasure of reviewing its source code for a research project and found it fine.


Aft3rmath
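A minimal sketch of the stateless approach described in the post above, added here as an illustration; it is not code from the thread and not Getpass's algorithm. The scrypt parameters, the `counter` field, the character alphabet and the sample inputs are all assumptions.

```python
import hashlib
import string

# Constructed parameters for illustration; real tools choose their own.
ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols
LIMIT = 256 - (256 % len(ALPHABET))  # bytes >= LIMIT are rejected to avoid modulo bias


def _field(value: str) -> bytes:
    """Length-prefix a field so ("ab", "c") and ("a", "bc") encode differently."""
    raw = value.encode("utf-8")
    return len(raw).to_bytes(4, "big") + raw


def derive_password(master: str, login: str, site: str,
                    counter: int = 1, length: int = 16) -> str:
    """Recompute the site password from its inputs; nothing is stored."""
    # The per-site inputs act as the salt; the master password is the secret.
    salt = _field(login) + _field(site.lower()) + counter.to_bytes(4, "big")
    chars = []
    block = 0
    while len(chars) < length:
        # scrypt is deliberately slow and memory-hard, which raises the cost
        # of guessing the master password from one leaked site password.
        stream = hashlib.scrypt(master.encode("utf-8"),
                                salt=salt + block.to_bytes(4, "big"),
                                n=2**14, r=8, p=1, dklen=64)
        for byte in stream:
            if byte < LIMIT and len(chars) < length:
                chars.append(ALPHABET[byte % len(ALPHABET)])
        block += 1  # derive another block only if rejection left us short
    return "".join(chars)


if __name__ == "__main__":
    # Constructed sample inputs.
    print(derive_password("correct horse battery staple",
                          "alice@example.com", "example.com"))
```

In this sketch the `counter` is the only input that can be changed to get a new password for the same login and site, so it has to be remembered alongside the master password.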

Hi Aft3rmath,

I've just caught up with this conversation which I've found very useful as we get a lot of spam on our corporate emails, so let me get this straight as I've just taken a look at this app you recommend to generate passwords. Basically, all I have to do is to type an email, website and a sort of keyword and, as long as I don't change anything, it'll always generate the same password, therefore, I don't need to remember it. Is that correct?


Thanks,
Ful-ton Forklifts

Hi Ful-ton Forklifts,

That is correct, though you still have to remember the keyword (I assume you can't forget your email and website).

I just don't get how you think it can help to solve the corporate spam problem?


Aft3rmath

Hi Aft3rmath,

Oops, you're right, I read a full conversation thread with other tips to trace where your spam can be potentially coming from and I mixed things up!

Have a great day,


Thanks,
Ful-ton Forklifts

This Thread is now closed for comments