What does it mean that the password I am using is not secure?

When you register an email login for My Vodafone or log into Self Care, we check whether your password has appeared in databases containing leaked login credentials. For increased security, it is advisable to change such a password.

What should I do if my password has appeared in the HIBP database and is not secure?

If you use such a password when registering or logging into Vodafone, we will notify you that this password has appeared in the mentioned database and is therefore not secure.

  1. We strongly recommend choosing a different, more secure password. Check out the guide for changing your password for Vodafone login.
  2. If you use the same password for other systems and applications, it is advisable to change it there as well.
  3. Ideally, use a unique password for each service. In case of a leak, this reduces the risk of attackers gaining access to multiple accounts and services.

How do you know that the password I am using is not secure?

  • To check if your login credentials have been leaked in the past, we use the reputable service Have I Been Pwned (HIBP).
  • HIBP collects lists of leaked passwords and login emails, allowing you to securely find out if your password or login email has been part of any data breaches.
  • We do not share your login credentials with any third parties; HIBP uses the so-called k-anonymity method for verification, which is a secure and widely recognized method for ensuring user privacy.

How could my password have ended up in a database of leaked passwords?

This most often happens when data is leaked from an insufficiently secured web service or site. If you use the same password to log in to multiple services, attackers could theoretically use the obtained database to log in to other sites or services you use. On the Have I Been Pwned website, by entering your email address, you can also find out from which service your login credentials likely leaked.

How does the k-anonymity method work?

K-anonymity is a method that protects users' privacy when verifying their data. The HIBP service receives only part of the password's hash, not the password itself, and searches its databases of leaked passwords. It then returns a list of hashes (one-way fingerprints of passwords, not reversible encryption) that match the provided part. The entity verifying the password then performs the same comparison locally against this list. This way, HIBP never sees the user's entire password, which enhances security and privacy. This approach also ensures that even if someone intercepts the communication, they cannot easily determine the user's entire password.
