Your login credentials verify your identity and help guard your information.  Compromised passwords can be used maliciously to represent you, and this makes effective password hygiene and monitoring essential for protecting your digital privacy both professionally and personally.  ITS emphasizes creating long, strong, and unique passwords, using password managers, and turning on multi-factor authentication to accomplish the former.  We have been using a service called “Have I Been PWNED (HIBP),” found at haveibeenpwned.com to accomplish the latter.  ITS is aware of a number of compromised credentials, which we are correcting.  This is currently an ad-hoc process, but we are moving to both standardize and automate discovery and remediation.

The HIBP site can also be used by individuals to validate password security.  You enter email addresses or phone numbers, and it provides information about accounts that have been compromised or “pwned” in a data breach.  It does not automatically mean that your account at UConn is compromised.  However, people often reuse passwords, and any compromised password is likely to be tried in other places associated with you.

---