How to Find Compromised Passwords and Change Them

Why Is Checking for Compromised Passwords Important?

Making strong passwords for all your online accounts can be challenging. After all, we want to use our memory for more than just storing data. But having passwords compromised can lead to dangerous situations, namely data breaches.

About 80% of data breaches use weak passwords to steal data or money. These breaches mainly affect businesses, but they ultimately come back to impact people like you. As our society becomes more dependent on technology, so does our need for computer security.

➡️ Try Screener for free or read more about it later in the article.

How to Check for Compromised Passwords

If you want to know how to find leaked passwords, you have four options:

• Using your operating system or browser tools (Android and iOS)
• The Privacy Monitor from Clean Email
• Checking with ‘Have I Been Pwned’ service
• Using password manager apps

Below are detailed steps you can use to check for vulnerable access credentials under each system.

1. Looking for exposed passwords on Apple products

Considering Apple, compromised passwords are managed under the iCloud Keychain. The iCloud Keychain contains handy auto-filling features and monitors popular breach databases.

How to see compromised passwords on iPhone

To use this system to check your passwords on iPhone:

1. Find the Passwords app on your iPhone and open it.
2. Tap Security.

Depending on your status, you'll either see no issues, a weak password notification, or notice of a data breach. Tapping the Change Password… button directs you to the main website to allow for changing passwords.

How to see compromised passwords on Mac

On Apple, breached login credentials can be found through the Safari Browser. You can access this password information with these steps:

1. Go to the Passwords app.
2. Enter your user password to unlock passwords or use Touch ID.
3. Once you're in, you’ll see a list of all your saved passwords. Any leaked password will be marked with a warning symbol. You can click on this symbol to get more information.
4. Follow the security recommendations for each website with a weak or compromised password.

2. Checking for Google compromised passwords

Android and Google Chrome have pretty similar ways of checking for leaked passwords.

How to run a password checkup in Google Chrome

1. Click on those three vertical dots in the top right corner.
2. Head over to Settings.
3. Then click on Autofill and passwords.
4. You're looking for Google Password Manager, then a click on Checkup will do the trick.

The system will pick up on any dodgy or weak passwords in no time at all. You can do the same on Chrome for Android by going into Settings and then Passwords → Check passwords.

Check for leaked passwords using your phone’s built-in tools

Alternatively, you can access your phone's password manager if you want to. Here's how you can find your smartphone's password manager:

1. Head to Settings.
2. Search for Password in the search bar at the top.
3. Look for Autofill services with Google.
4. Tap it and you should see Passwords.
5. Then just tap on Check passwords.

With Google, finding out if your password's been compromised is a breeze. If you have any login credentials that have been exposed in a data breach, you can use either Google or Apple's tools to help you stay on top of things.

4. Checking with the Have I Been Pwned service

To verify if your passwords are insecure and pose a potential risk, visit the Have I Been Pwned password checker and input your password. The HIBP service maintains a database of compromised passwords, which are unfit for continuous use due to the increased risk of account takeovers. These compromised passwords are accessible for search online, and can also be downloaded for cross-verification on different online platforms.

You can also find a list of current data breaches to find out whether a website you’d like to sign up to has a data leak. It's a handy tool for checking individual access credentials before you use them.

5. How to use password managers to check for breaches

If you discover multiple leaked passwords, handling them one by one can be exhausting. Instead, use your password manager’s bulk update or audit feature to identify and reset all affected logins at once.

📌 Many tools also flag reused passwords, helping you replace them with unique ones automatically. After updates, sign out of all sessions across devices and review connected apps for unauthorized access.

Each password manager is a little different, but they all follow similar formats. Here are the two more popular examples:

• The LastPass app has a security dashboard you can access. Clicking on each account will pop up with a button to go to the website.
• The BitWarden system lets you create a health report from the Reports tab on the top of the screen. There are many reports for checking reused and weak passwords, and unsecured websites.

Good managers also include a password strength checker. Getting advice on your password as you write it can help you stay secure.

Antivirus platforms like Norton or BitDefender also provide dark web monitoring services. This information will tell you whether your passwords are being sold or distributed in illegal marketplaces.

How to Fix Compromised Passwords

If you discover that your data has been breached, you need to change your compromised credentials immediately. With regular password checks and dark web monitoring services, you can prevent the worst-case scenarios of exposure.

However, prevention is the best medicine, so performing activities to prevent password breaches can help. Here are some password security tips you can take to pre-fix potential exposures:

• Set up two-factor authentication (2FA). Two-factor authentication is when you require multiple sources to log in. For example, you might need your password and a text message code. You can also use authentication apps like Google Authenticator to generate random codes for authentication.
• Avoid unsafe passwords. The best passcodes have nothing to do with what people know you for. Internet users often make the mistake of making their password something on public record (the name of their dog or birthday). Avoid doing this and make sure your password isn't something people can guess.
• Use a password manager. Password managers enable you to auto-generate a strong password. This way, you won't need to remember it and you can set up your password manager behind 2FA, providing excellent security.
• Be aware of your digital footprint. Your digital footprint is a representation of everything you do online. By keeping track of this, you'll be able to identify the source of data leaks and correct that activity.
• Avoid repeat passwords. Don't use the same password for multiple websites. What this means is that people will use your login credentials successfully for multiple sites. If a criminal knows one of your logins, they have access to a bunch of your accounts.

These handy tips are your go-to solution if you're faced with a potential email hack. If you suspect your passwords stolen and need a prompt solution, start with 2FA. Don't underestimate the seriousness of a password compromised, take action to reinforce your account's security.