Always Change Your Passwords After a Breach

Every week or so, news of yet another company’s data breach breaks. Often, the news stories will include a list of what data was or wasn’t compromised: emails, credit card numbers, addresses, etc. 

So, you might assume that if a news story doesn’t include “passwords” on the list of compromised data after a breach, there’s no rush to go reset yours.
But actually, resetting your password for any compromised account, regardless of whether that password was exposed, is exactly what you should do.

Why you should update your password for any compromised account

Even though 91% of people know that reusing passwords across accounts is bad, 59% of people still reuse their passwords—even between personal and work accounts.
There’s a chance the password you’re using on a compromised account is also being used elsewhere. And if someone already has your email address or other personal information from one breach, and then gets your reused password through another, they can put two and two together to hack your accounts.
It’s also possible that the breadth or depth of a breach may not be apparent or reported until months later, so passwords may indeed have been involved. Why take the risk?

The bottom line: No matter the extent of a company’s data breach, you should go change that password ASAP.

Here are a few more tips for creating strong passwords, and other smart password practices

1. Store passwords securely. Use a good and encrypted password manager APP, you probably know this, but never keep a list of passwords in plain text, like in a Word doc or Google doc. This applies to physical lists, too, especially in public places like an office. Keeping your passwords--in a password manager APP means they’re protected by the strongest encryption, and everything is accessible to only you.
2. Make them unique and strong. The strongest passwords are strings of random characters because they’re the hardest to crack with simple brute force or dictionary attacks. That’s why a Password Generator creates passwords that looks like a cat walked on your keyboard.
3. Turn on 2FA. For your most important accounts, like banking and email, use two-factor authentication (2FA). 2FA adds an additional layer of protection by requiring a second verification that you are who you say you are when you log in—usually via a code sent to your phone or email or better yet a prompt on your phone or a 2FA APP. When 2FA is enabled, even if someone gets ahold of your password, they still won’t be able to access your account unless they also have one of your devices. Check out Duo or Google Authenticator for 2FA options.

The tips above might seem like a lot if you try to do them all at once. Instead, pick at least one per week to implement in your digital life, and you’ll be more secure online right away!