Dark web safety awareness

Why: This is the industry-standard database for public data breaches and provides immediate visibility into known leaks.

How:

• Navigate to haveibeenpwned.com.
• Enter your primary email address.
• Review the list of breaches to see what was leaked (e.g., passwords, IP addresses, physical addresses).

Done when: You have a list of all services where your primary email was compromised.

Why: Since Google discontinued its Dark Web Report in early 2026, Mozilla Monitor has become the most reliable free alternative for continuous monitoring.

How:

• Visit monitor.mozilla.org.
• Sign in or enter your secondary email addresses.
• Check for 'unresolved' breaches that might not have appeared on other scanners.

Done when: All secondary email accounts have been scanned and results documented.

Why: Hackers use 'credential stuffing' to try leaked passwords on multiple sites; knowing if a password is 'pwned' is critical.

How:

• Go to haveibeenpwned.com/Passwords.
• Enter a password you have used in the past (it is safe; they use k-Anonymity hashing).
• If it has been seen even once, it must never be used again.

Done when: You know which of your password patterns are compromised.

Why: Human-memorable passwords are weak; a manager allows for unique, 20+ character passwords for every site.

How:

• Download Bitwarden (cloud-sync) or KeePassXC (local-only).
• Set a strong 'Master Password' that you have never used elsewhere.
• Install the browser extension for auto-fill capabilities.

Done when: Password manager is installed and master vault is created.

Why: Accounts identified as breached in Phase 1 are active targets for identity theft.

How:

• Log into each compromised service.
• Use your password manager to generate a new, random password.
• Save the new credentials immediately in your vault.

Done when: All breached accounts now have unique, high-entropy passwords.

Why: 2FA ensures that even if a password is leaked on the dark web, hackers cannot enter without a physical token.

How:

• Install an open-source authenticator like Aegis (Android) or Ente Auth (iOS/Android).
• Avoid SMS-based 2FA as it is vulnerable to SIM-swapping.
• Scan the QR codes in the 'Security' settings of your most important accounts (Email, Banking, Social Media).

Done when: Your core accounts require a 6-digit code from your app to log in.

Why: If you lose your phone, you will be locked out of 2FA-protected accounts unless you have these codes.

How:

• When enabling 2FA, look for 'Backup Codes' or 'Recovery Codes'.
• Save them in an encrypted note within your password manager or print them and store them in a physical safe.

Done when: Recovery codes are stored in a secure, accessible location.

Why: Using your real email for every sign-up is the primary reason data ends up on the dark web.

How:

• Create an account with SimpleLogin or Addy.io.
• Generate a unique alias for every new website (e.g., netflix.random123@simplelogin.com).
• If a site is breached, simply disable that specific alias.

Done when: You have created your first alias for a non-critical service.

Why: Standard browsers often leak 'fingerprinting' data that can be cross-referenced with dark web databases.

How:

• Install Firefox or LibreWolf.
• Add the 'uBlock Origin' extension to block malicious scripts and trackers.
• Set 'Enhanced Tracking Protection' to 'Strict'.

Done when: Browser is configured to minimize data leakage during daily use.

Why: If you must access .onion sites for research, the Tor Browser is the only safe, encrypted gateway.

How:

• Download ONLY from torproject.org.
• Set the Security Level to 'Safer' or 'Safest' to disable dangerous web features like JavaScript.
• Never maximize the window (to prevent screen-size fingerprinting).

Done when: Tor Browser is installed and configured to 'Safest' mode.

Why: New breaches occur daily; safety is a recurring process, not a one-time setup.

How:

• Open your calendar app.
• Create a recurring event every 3 months.
• Task: 'Re-scan emails on HIBP and Mozilla Monitor; update Password Manager'.

Done when: A recurring reminder is active in your calendar.