This site has a searchable database of over 306 million leaked password

In June 2007, the National Institute of Standards and Technology (NIST) released guidance that said that sites should check potential passwords against previous data breaches, in order to ensure they are totally unique.

While most websites are yet to offer that functionality, Troy Hunt, the founder and creator of Have I Been Pwned, has launched a tool where you can check passwords to see if they’ve been compromised.

The way it works is pretty simple. Just type in a password, and it will compare it against a database of over 306 million passwords, collected over several years, in order to determine how unique it is.

Hunt has also made the data freely available to download, so that developers can integrate it into their websites.

Calling all Scaleup founders! Join the Soonicorn Summit on November 28 in Amsterdam.

Meet with the leaders of Picnic, Miro, Carbon Equity and more during this exclusive event dedicated to Scaleup Founders!

Apply Now

The site also serves as an exploration of the passwords people use, which admittedly can be pretty weird. It bizarrely common for people to use full names as passwords, and amusingly, it seems someone used ‘troyhunt’ as a password somewhere.

You have some explaining to do pic.twitter.com/OUicVWJIdB

— lektol??????? (@lektol1) August 3, 2017

Apparently you're not the only one… pic.twitter.com/MUXtKLdlqL

— Owen Nelson (@MrOwenNelson) August 3, 2017

Others were weird, or just plain rude.

Looks like passive aggressive passwords aren't secure either: pic.twitter.com/lyqnlqtWov

— Tom van Enckevort (@tomvanenckevort) August 3, 2017

Strangely both "ilovetrees" and "ihatetrees" are pwned

— Tom Newton (@thomasnewton) August 3, 2017

ilovebigdicks69 is pwned ?

— Sam Kennan (@notskend) August 3, 2017

You can try it out for yourself here (although, please don’t use any passwords you’re actively using). While it’s incredibly important that sites learn to protect our private data (passwords in plaintext – not even once), it’s also important that individuals practice good password security and hygiene. You can learn about the best practices here, or alternatively, get yourself a password manager and use an ultra-complicated password for every site you visit.

Update: We changed the wording in this post in order to emphasize that readers shouldn’t test passwords they’re currently using.

Story by Matthew Hughes

Former TNW Reporter

Matthew Hughes is a journalist from Liverpool, England. His interests include security, startups, food, and storytelling. Follow him on Twi (show all) Matthew Hughes is a journalist from Liverpool, England. His interests include security, startups, food, and storytelling. Follow him on Twitter.

Get the TNW newsletter

Get the most important tech news in your inbox each week.

This site has a searchable database of over 306 million leaked password

Get the TNW newsletter

Has wave energy finally found its golden buoy?

Decline of X is an opportunity to do social media differently – but combining ‘safe’ and ‘profitable’ will still be a challenge

Discover TNW All Access

How your online world could change if big tech companies like Google are forced to break up

AI startup Poolside raises $500M as AI coding market booms