Back in 2013, I posted about cloud security and the importance of strong passwords and multi-factor authentication. That was years ago — and if anything, the threat landscape has only gotten worse.
If you haven't enabled multi-factor authentication (MFA) on your online accounts, please do it today. This is the single most effective thing you can do to protect yourself from account takeovers, even if your password has been leaked.
Check If You've Been Compromised
There's a free tool built specifically for this: haveibeenpwned.com
Enter your email address and it will instantly tell you if your information appeared in any known data breaches. As of 2026, the site tracks over 14 billion compromised accounts across hundreds of breaches — everything from LinkedIn to Adobe to major healthcare providers.
You can also check if a specific password has appeared in known breach dumps at haveibeenpwned.com/Passwords. If your password shows up there, change it everywhere you use it.
Who Built This?
Have I Been Pwned was created by Troy Hunt, a Microsoft Regional Director and Most Valuable Professional (MVP) for Developer Security. He's an internationally recognized web security expert and one of the most credible voices in the industry on breach awareness.
What to Do If You've Been Pwned
- Change the password on the affected account immediately
- Change it everywhere else you used the same password
- Enable MFA — use an authenticator app (Google Authenticator, Authy) rather than SMS when possible
- Use a password manager — 1Password, Bitwarden, and Dashlane are all solid choices in 2026
- Set up breach alerts — haveibeenpwned.com lets you subscribe to be notified if your email appears in future breaches
Security isn't glamorous. But five minutes on haveibeenpwned.com could save you from a very bad day.