
Have your users been compromised? 'Have I Been Pwned' can answer that

Hardly a week goes by without another major security breach being revealed by yet another big-name retailer, application or website. As massive data dumps continue to appear with sobering regularity, it is difficult to keep track of whose account credentials are in jeopardy.

To make the task easier, haveibeenpwned.com makes it possible to find out whether a username or email has been compromised in any of several breaches. Simply plug it into the text box and hit enter to find out whether the email or username is among any of the nine breaches currently catalogued by Have I Been Pwned.

To make things easier for system administrators, the site now offers full domain searches to uncover how many users may have been compromised. There are four ways to verify you are a domain admin: by email, by meta tag, by file upload, and by TXT record. Once you have proved you are a domain authority, you can check that domain name against the databases and warn your users that their accounts are at risk.

Easily remember many secure passwords

There may not be much you can do to prevent the bad guys from stealing your information, but there is a lot you can do to prevent them from guessing it.

Researchers at Carnegie Mellon University suggest the easiest way to create complex, yet memorable passwords is to use the person-action-object method.

The user creates a mental image by pairing a person with an unexpected action and object. The example CMU cited was Bill Gates swallowing a bicycle. Passwords are then derived using some scheme based on that image, such as BiGaswa2c. The user could then keep a picture of Bill Gates somewhere to act as a reminder for the cues.

Choosing different images or schemes for each account will make it easier to maintain security even if one account is compromised.

Last Updated: 2/5/25