We hope not, but it is not always easy to be sure.
As we’re all users of free (or non-free) services in the world wide web, and there are also successful attacks against such services, it is possible that one of your accounts (and the password) has been compromised.
There are services in the internet, where you can check your password, whether it has been hacked, but we do not recommend to enter your password in a page on the internet which is might not be secured by https and does not include the domain *.ist.ac.at in the address.
Instead, use our: https://hack-check.app.ist.ac.at/ service, which checks your password against security databases of hacked passwords. If your password is found, you should change it as soon as possible, as these databases are also used by hackers/crackers for so called dictionary attacks. Read more on the topic in this (a bit old but still valid) post from Bruce Schneier.
Some rules of the password policy at IST Austria are less strict than the following principles, nevertheless, having a more secure password is a good thing:
Principles for good passwords
- Longer is better (>16 characters)
- Random is better then combinations of words, but much harder to remember, but still 1.
- Never use only words, always combine with numbers and special characters
- Change passwords regularly (KeePass supports reminders for password changes)
- If not randomly generated (by your password manager) check against our service
Principles for good authentication
- Use multi-factor authentication where possible (Google, Facebook, Dropbox,… IST is evaluating!)
- Use a different password for every service you are using
- Use a password manager like KeePass
- Use a good password (see above)
- Don’t safe the password in your browser, use a password manager (independent from the browser)