
See where all of your passwords are being used with Shard

It’s not a smart idea to use the same password everywhere you need to log in — if your credentials are stolen for one service or site, hackers can use that information to gain access to all your other accounts. Now, a security researcher has developed a tool that helps users tighten up their defenses.

Shard is a command line tool that allows users to check if a particular password is also being used for their Facebook, Twitter, Instagram, LinkedIn, and Reddit accounts. The intention is that the user would then rectify the situation, although for obvious reasons the utility itself doesn’t have the power to make changes to the accounts.

Philip O’Keefe developed Shard after finding that the randomly generated password he was using for several different accounts was among the credentials leaked following the major LinkedIn breach that took place earlier this year. O’Keefe is now using a password manager to maintain the security of his accounts.

Given the current frequency of security breaches affecting major sites and services, a tool like Shard couldn’t come at a better time. In June, Twitter was forced to lock millions of accounts after it emerged that passwords for as many as 32 million accounts were being sold on the dark web.

However, there are some concerns about how Shard could benefit those working to target users who do use the same password everywhere they go. The tool could allow hackers to check where illegally purchased passwords are in use, and slight modifications could expand the list of sites being examined to include banking services and more, according to a report from Ars Technica.

In the event that Shard is adopted by online criminals, there’s all the more reason to use unique passwords for every site and service you register an account for. You can grab the Shard tool right now from its GitHub page.


Brad Jones
Brad is an English-born writer currently splitting his time between Edinburgh and Pennsylvania. You can find him on Twitter…