Compromised Passwords: Find and Change Them

Why Is Checking For Compromised Passwords Important?

Making strong passwords for all your online accounts can be challenging. After all, we want to use our memory for more than just storing data. But having passwords compromised can lead to dangerous situations, namely data breaches.

About 80% of data breaches use weak passwords to steal data or money. These breaches mainly affect businesses, but they ultimately come back to impact people like you. As our society becomes more dependent on technology, so does our need for computer security.

How To Check For Compromised Passwords

If you want to know how to find compromised passwords, you have four options:

• Using your operating system or browser tools (Android and iOS)
• The Privacy Monitor from Clean Email
• Checking with ‘Have I Been Pwned’ service
• Using password manager apps

Below are detailed steps you can use to check for vulnerable access credentials under each system.

1. Looking for exposed passwords on Apple products

Considering Apple, compromised passwords are managed under the iCloud Keychain. The iCloud Keychain contains handy auto-filling features and monitors popular breach databases.

How to see compromised passwords on iPhone

To use this system to check your passwords on iPhone:

1. Go to your iPhone Settings.
2. Scroll down and tap Passwords.
3. Tap Security Recommendations.

Depending on your status, you'll either see no issues, a weak password notification, or notice of a data breach. Tapping the Change Password on Website button directs you to the main website to allow for changing passwords.

How to see compromised passwords on Mac

On Apple, breached login credentials can be found through the Safari Browser. You can access this password information with these steps:

1. Open Safari and go to Preferences.
2. Click on the Passwords tab.
3. Enter your user password to unlock passwords or use Touch ID.
4. Once you're in, Safari will show a list of all your saved passwords. Any compromised passwords will be marked with a warning symbol. You can click on this symbol to get more information.
5. Follow the security recommendations for each website with a weak or compromised password.

2. Checking for Google compromised passwords

Android and Google Chrome both have similar systems for checking passwords. Here's how you do it on Chrome Browsers.

1. Click the three dots in the upper-right corner.
2. Select Settings.
3. Click Autofill and passwords.
4. Click on Google Password Manager, then choose Checkup.

The system will identify any compromised or weak passwords within moments. For Chrome on Android, you follow the same steps under a similar pathway: Settings → Password → Check passwords.

Alternatively, you can choose to access the same information on Android OS. Here is how you can find your smartphone's password manager:

1. Go to Settings.
2. Search Password in the settings search bar.
3. Look for Autofill services with Google.
4. Tap it and select Passwords.
5. Select Check passwords.

Using Google, compromised passwords are incredibly easy to find. If you have compromised login credentials found in data breaches, both Google and Apple have handy tools to keep you prepared.

3. How to check if your password is compromised with Privacy Monitor

Clean Email provides a security check feature to see if your email is part of any data breaches. To use the Privacy Monitor feature in the Clean Email app, you need to:

1. Sign up for a free trial of the app.
2. Click Privacy Monitor on the left pane of the app’s dashboard.
3. The Privacy Monitor feature operates in the background, even when the app is not in use. If your email address is detected in any known breaches or security incidents, you will see the appropriate warning message.

With this information, you can take action and prevent compromised email breaches from being exploited, safeguarding your online safety.

4. Checking with the Have I Been Pwned service

To verify if your passwords are insecure and pose a potential risk, visit the Have I Been Pwned password checker and input your password. The HIBP service maintains a database of compromised passwords, which are unfit for continuous use due to the increased risk of account takeovers. These compromised passwords are accessible for search online, and can also be downloaded for cross-verification on different online platforms.

You can also find a list of current data breaches to find out whether a website you’d like to sign up to has a data leak. It's a handy tool for checking individual access credentials before you use them.

5. How to use password managers to check for breaches

Each password manager is a little different, but they all follow similar formats. Here are the two more popular examples:

• The LastPass app has a security dashboard you can access. Clicking on each account will pop up with a button to go to the website.
• The BitWarden system lets you create a health report from the Reports tab on the top of the screen. There are many reports for checking reused and weak passwords, and unsecured websites.

Good managers also include a password strength checker. Getting advice on your password as you write it can help you stay secure.

Antivirus platforms like Norton or BitDefender also provide dark web monitoring services. This information will tell you whether your passwords are being sold or distributed in illegal marketplaces.

How To Fix Compromised Passwords

If you discover that your data has been breached, you need to change your compromised credentials immediately. With regular password checks and dark web monitoring services, you can prevent the worst-case scenarios of exposure.

However, prevention is the best medicine, so performing activities to prevent password breaches can help. Here are some password security tips you can take to pre-fix potential exposures:

• Set up two-factor authentication (2FA). Two-factor authentication is when you require multiple sources to log in. For example, you might need your password and a text message code. You can also use authentication apps like Google Authenticator to generate random codes for authentication.
• Avoid unsafe passwords. The best passcodes have nothing to do with what people know you for. Internet users often make the mistake of making their password something on public record (the name of their dog or birthday). Avoid doing this and make sure your password isn't something people can guess.
• Use a password manager. Password managers enable you to auto-generate a strong password. This way, you won't need to remember it and you can set up your password manager behind 2FA, providing excellent security.
• Be aware of your digital footprint. Your digital footprint is a representation of everything you do online. By keeping track of this, you'll be able to identify the source of data leaks and correct that activity.
• Avoid repeat passwords. Don't use the same password for multiple websites. What this means is that people will use your login credentials successfully for multiple sites. If a criminal knows one of your logins, they have access to a bunch of your accounts.

These handy tips are your go-to solution if you're faced with a potential email hack. If you suspect your passwords stolen and need a prompt solution, start with 2FA. Don't underestimate the seriousness of a password compromised, take action to reinforce your account's security.