It’s not a smart idea to use the same password everywhere you need to log in — if your credentials are stolen for one service or site, hackers can use that information to gain access to all your other accounts. Now, a security researcher has developed a tool that helps users tighten up their defenses.
Shard is a command-line tool that allows users to check if a particular password is also being used for their Facebook, Twitter, Instagram, LinkedIn, and Reddit accounts. The intention is that the user would then rectify the situation, although for obvious reasons the utility itself doesn’t have the power to make changes to the accounts.
Philip O’Keefe developed Shard after finding that the randomly generated password he was using for several different accounts was among the credentials leaked following the major LinkedIn breach that took place earlier this year. O’Keefe is now using a password manager to maintain the security of his accounts.
Given the current frequency of security breaches affecting major sites and services, a tool like Shard couldn’t come at a better time. In June, Twitter was forced to lock millions of accounts after it emerged that passwords for as many as 32 million accounts were being sold on the dark web.
However, there are some concerns about how Shard could benefit those working to target users who do use the same password everywhere they go. The tool could allow hackers to check where illegally purchased passwords are in use, and slight modifications could expand the list of sites being examined to include banking services and more, according to a report from Ars Technica.
In the event that Shard is adopted by online criminals, there’s all the more reason to use unique passwords for every site and service you register an account for. You can grab the Shard tool right now from its GitHub page.