Portals and pwned password check
As of version 21.4.x of the VETtrak portals a new feature has been added to advise users of their password being found in a list of exposed passwords previously breached on the internet. Meaning they are less secure and their use should be avoided.
Have I been pwned? (author Troy Hunt)
What does "pwned" mean?
The word "pwned" has origins in video game culture and is a leetspeak derivation of the word "owned", due to the proximity of the "o" and "p" keys. It's typically used to imply that someone has been controlled or compromised, for example "I was pwned in the Adobe data breach". Read more about how "pwned" went from hacker slang to the internet's favourite taunt.
What is a "breach" and where has the data come from?
A "breach" is an incident where data is inadvertently exposed in a vulnerable system, usually due to insufficient access controls or security weaknesses in the software. HIBP aggregates breaches and enables people to assess where their personal data has been exposed.
Pwned Passwords are 613,584,246+ real world passwords previously exposed in data breaches. This exposure makes them unsuitable for ongoing use as they're at much greater risk of being used to take over other accounts.
Password reuse and credential stuffing
Password reuse is normal. It's extremely risky, but it's so common because it's easy and people aren't aware of the potential impact. Attacks such as credential stuffing take advantage of reused credentials by automating login attempts against systems using known emails and password pairs.