What Should You Do When Your Passwords Are Compromised?

Your Passwords Have Been Compromised. What’s Next?

We hear this all the time from businesses looking for a new IT service company. Many times they come to us for help after their passwords have been compromised. They want to know what to do.

This is what one person was experiencing when they contacted us:

“I have been receiving emails from someone who says that they have one of my passwords and that they’ve infected my laptop with malware. They even have a password that I have not used recently. I have ignored this for a while, and I’m always very careful not to click on the email or on anything that looks suspicious. I also run my antivirus to scan for malware on a regular basis. What should I do, because this type of thing scares me?”

First… Why Is This Happening?

This happens because people tend to reuse the same password on many sites. When any one of those sites is breached, the leaked email addresses and passwords are sold or posted online, and anyone holding the list can try them against every other site, or quote them back to you to make a threat look credible.

If you’ve received one of these emails saying, “we have your password,” and the subject of the email and/or the first paragraph contains a password that you recognize, don’t panic – it’s more common than you think. After all, just consider how often there are headlines about major security breaches.

What you may not realize is that these types of breaches can happen with much smaller websites as well, of which you may be a member. When they get breached, there may not be a major news story about it, but a hacker will have your password all the same.

Their next step is to use that information to intimidate you. It can be very scary to get an email with what you thought was a private password included in it, along with a threat, or demand for money.

What Should You Do?

The simplest way to avoid this type of vulnerability is to never use the same password for two different accounts. No matter whether it’s your online banking or your Pinterest account, always use a unique password.

Admittedly, it can be difficult to keep track of so many different passwords. That’s where a password manager can be of use…

Get LastPass: Download “LastPass” (www.lastpass.com) a password manager that will help you securely store and manage your many unique passwords.

LastPass can even generate random passwords for you, such as “zGgt%!@rA*5B*!4”. It can store and manage passwords for all of your online accounts; just don’t forget your LastPass master password.

The key that encrypts your LastPass vault is derived from your master password, so the company cannot read it for you, and if you lose it, your passwords are lost forever – make sure that you pick something that is sufficiently long, unique, and memorable to you.
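The two habits above (generate a random, unique password per site, and keep them in one place so you can tell which account an exposed password belongs to) can be shown with a few lines of Python. This is an added example, not LastPass code: it draws passwords from the operating system’s secure random generator and audits a constructed sample vault for reuse. The site names and passwords in the sample vault are made up for the example.

```python
import math
import secrets
import string
from collections import defaultdict

# Character classes for generated passwords. SYMBOLS is an arbitrary choice;
# real managers let you tune it to what a given site accepts.
LOWER, UPPER, DIGITS = string.ascii_lowercase, string.ascii_uppercase, string.digits
SYMBOLS = "!@#$%^&*()-_=+[]{}:,.?"
ALPHABET = LOWER + UPPER + DIGITS + SYMBOLS


def generate_password(length: int = 16) -> str:
    """Random password from the OS CSPRNG (secrets, never random.random)
    with at least one character from each class."""
    if length < 4:
        raise ValueError("need at least 4 characters to cover every class")
    while True:  # rejection sampling keeps every character uniformly chosen
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c in LOWER for c in pw) and any(c in UPPER for c in pw)
                and any(c in DIGITS for c in pw) and any(c in SYMBOLS for c in pw)):
            return pw


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Guessing strength of a uniformly random password of this length."""
    return length * math.log2(alphabet_size)


# Constructed sample vault as (site, password). A real manager keeps this
# encrypted under the master password; here it is plain so the audit can run.
SAMPLE_VAULT = [
    ("bank.example", "Tr0ub4dor&3"),
    ("pinterest.example", "Tr0ub4dor&3"),
    ("forum.example", "Tr0ub4dor&3"),
    ("mail.example", "zGgt%!@rA*5B*!4"),
]


def reused_passwords(vault):
    """Map every password used on more than one site to the list of those sites."""
    by_pw = defaultdict(list)
    for site, pw in vault:
        by_pw[pw].append(site)
    return {pw: sites for pw, sites in by_pw.items() if len(sites) > 1}


def sites_using(vault, leaked_password: str):
    """Which accounts a password quoted in a 'we have your password' email belongs to.
    With unique passwords this is at most one site, which is the one to report."""
    return [site for site, pw in vault if pw == leaked_password]


if __name__ == "__main__":
    print("new password:", generate_password(20), f"(~{entropy_bits(20):.0f} bits)")
    print("reused:", reused_passwords(SAMPLE_VAULT))
    print("leaked 'Tr0ub4dor&3' unlocks:", sites_using(SAMPLE_VAULT, "Tr0ub4dor&3"))
```

Run against the sample vault, the audit reports that “Tr0ub4dor&3” is shared by three sites, which is exactly the situation that lets one small-site breach expose a bank login; the generated 20-character password gives roughly 128 bits of guessing strength.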

Use Multi-Factor Authentication: You should also turn on 2FA (two-factor authentication) or MFA (multi-factor authentication) to protect accounts wherever possible, so that a stolen password alone is not enough to log in.

The most common form uses an authenticator app like Microsoft Authenticator, Google Authenticator, Authy, or others. Most are interchangeable, because they all implement the same standard time-based one-time password (TOTP) algorithm.

For example, if you’re using Microsoft Authenticator and a new website says you need Google Authenticator, you most often don’t need to install Google Authenticator; scanning the site’s enrollment QR code with the app you already have should work just fine.

Some authenticators use “push” authentication, and others generate a One-Time Password (OTP). This is a 6- or 8-digit code computed from a secret key that the site shares with your app when you scan its QR code, combined with the current time, so it changes every 30 seconds and cannot be predicted without that secret. Push authentication sends a prompt to your phone when someone attempts to log in to your account, and you approve or deny the request on the phone. Only approve prompts for logins you started yourself; an unexpected prompt means someone else already has your password.
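To show why any authenticator app works for any site, here is the TOTP algorithm (RFC 6238 over HMAC as in RFC 4226) written out in Python. This is an added example, not code from any of the apps named above. The secret is the 20-byte ASCII string from the RFC test vectors, which stands in for the secret a real site would hand over in its QR code; everything else is standard library.

```python
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional

# Constructed shared secret: the RFC 6238 SHA-1 test-vector secret (ASCII
# "12345678901234567890"). A real site encodes its secret in base32 inside
# the enrollment QR code, e.g. otpauth://totp/...?secret=GEZDGNBV...
EXAMPLE_SECRET = b"12345678901234567890"
EXAMPLE_SECRET_B32 = base64.b32encode(EXAMPLE_SECRET).decode()


def secret_from_base32(text: str) -> bytes:
    """Decode the secret as printed under a QR code (spaces, lowercase, no padding)."""
    cleaned = text.strip().replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    return base64.b32decode(cleaned)


def hotp(secret: bytes, counter: int, digits: int = 6, algorithm=hashlib.sha1) -> str:
    """RFC 4226: HMAC the counter, dynamically truncate, reduce to `digits` digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algorithm).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: Optional[int] = None, step: int = 30,
         digits: int = 6, algorithm=hashlib.sha1) -> str:
    """RFC 6238: the counter is simply the current 30-second time slot."""
    if unix_time is None:
        unix_time = int(time.time())
    return hotp(secret, unix_time // step, digits, algorithm)


def verify_totp(secret: bytes, code: str, unix_time: Optional[int] = None,
                step: int = 30, digits: int = 6, window: int = 1) -> bool:
    """Server-side check: accept the current slot plus `window` slots either side
    to tolerate clock drift. Constant-time compare avoids leaking digit matches."""
    if unix_time is None:
        unix_time = int(time.time())
    counter = unix_time // step
    for c in range(max(0, counter - window), counter + window + 1):
        if hmac.compare_digest(hotp(secret, c, digits), code):
            return True
    return False


if __name__ == "__main__":
    print("secret for the app:", EXAMPLE_SECRET_B32)
    print("code right now:", totp(EXAMPLE_SECRET))
    print("RFC 6238 vector T=59, 8 digits:", totp(EXAMPLE_SECRET, 59, digits=8))  # 94287082
```

Because the site and the app share only the secret and the algorithm, the same secret produces the same code in every app, which is why the brand of authenticator does not matter. A production verifier should also remember the last counter it accepted so a code cannot be replayed within its window.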

Most of the authenticators are free, as is LastPass. However, LastPass does have a premium edition, which is $12/year and offers more features.

In Summary

So, to answer your question: do not reply to or pay the sender, but don’t simply ignore the message either. Change the password it quotes on every account where you still use it, and then be proactive and minimize any further risk of exposure by implementing a few security practices.

  1. Use a program like LastPass and ensure that your master password is something sufficiently complex.
  2. Ensure that all of your sites use different, complex passwords. Use a random password generator where possible.
  3. Use Multi-Factor Authentication on any site that offers it, to maintain better security.

The other upside to using different passwords: When someone sends you an email telling you that they have compromised your password, you’ll know which of your online accounts have been breached so you can report it to the company and, of course, change that password. The more you use the same password at multiple locations, the more you put your data and personal information at risk.

Did you find this information helpful? If so, check out our IT News, Information and Tech Tips.