Here's How To Find Out If Your Password Has Been Stolen By Hackers
By Robin Andrews,
May 27, 2018

[Statistically, you] are likely to be someone who uses the same password for several logins, across websites or computers. There’s a fairly decent chance that at some point, one or several of your passwords have been stolen and posted on forums for other hackers to try out.

Enter, Okta, whose plug-in for Chrome (a version for Firefox is coming soon) lets you know how safe, or unsafe, your passwords really are. Okta is described by CNET as a login management company, which doesn’t sound particularly thrilling. Popping over to their website, it appears that this is indeed what they do, but to put it in a mildly more exciting way: They are the guardians of the virtual gateways, those that stop nefarious hackers getting to you as you log in to whatever digital platform you or your company are using.

They’ve recently gone one step further and released a browser plug-in named PassProtect. When you use a password to sign in to Twitter or anything of the sort, it’ll inform you just how many times the password in question has been exposed in a data breach.
As noted, PassProtect is currently available as an extension for Chrome only, although they say a version for Firefox is in the works.

In the meantime, if you are a Firefox user, you can try a similar add-on called Prevent Pwned Passwords.

Prevent Pwned Passwords helps make sure you don't use any password that's known to have been part of a data breach. If you try to use a password that's known to have been compromised, you'll get an alert.

You can choose to run it whenever you enter a password on any site, whenever you enter a password on a "Create Account" page, or only when you choose to check a password from a context menu. You can also whitelist sites, giving you greater control over what passwords are checked.

This extension hashes your password and securely checks that hash against a database of hashes known to be breached. If it's been involved in a past breach (of any account across hundreds of sites), it notifies you so you can change your password.

Note that the only data ever transmitted is a password hash. We never send a clear-text password or any identifiable information like a username or a URL.

This extension uses the Have I Been Pwned service.
I installed the Prevent Pwned Passwords extension on Firefox on May 28 and it has already alerted me to four breached passwords that I didn't know about. One was my go-to throw-away password for low-security sites that I don't care about but two of them were actually passwords I have used on more significant sites. Needless to say, I changed those passwords immediately.

(I also installed PassProtect on Chrome since I use that occasionally as a backup and for testing websites.)

I strongly urge you to install one or both of these extensions now. You might be (unpleasantly) surprised by what they reveal.