What should you do if your password has been compromised? Each time we create a new account, we accept the risk that someone might steal its information. A strong personal cybersecurity ethic will help prevent this, but it can do nothing to protect you from data breaches that are increasingly affecting companies large and small.

While we hope you’ll never experience it, compromised passwords are a real possibility. What steps should you take if and when your password has been compromised? Find out below.

What Risks Do Compromised Passwords Pose?

Data breaches are expanding cybersecurity threats that have already exposed the sensitive information of billions of users. According to Verizon’s latest data, four out of five such incidents involve compromised passwords.

Sometimes this will happen as part of a coordinated cyberattack on an organization, agency, or company. Other times criminals will brute force the attack, relying on users’ complacent password handling.

To this day, some people still use phrases like “1234”, “password,” and “QWERTY” as part of their login credentials. Even if you’re more conscientious than that, chances are you’re using the same password or a close variation more than once. Obtaining just one of them gives hackers enough to work with to crack the rest.

The best-case scenario is you lose access to an old account you don’t need anymore. Less rosy outcomes are far more likely and can result in identity theft or financial damage. Armed with enough data about you and your accounts, a criminal can sign up for services or take out loans, possibly leading to your financial ruin.

How To Deal When Your Password Has Been Compromised?

A compromised password needn’t spell doom right away, and you can do much to prevent future incidents. Follow these steps for better password security and greater peace of mind.

Reset the password immediately

The obvious first step is to change an affected password as soon as you become aware of a breach. Criminals tend to steal passwords in large batches. Some won’t use them immediately, opting to sell them in bulk on the dark web instead. Use this to your advantage and change the password to something long, complex, and unique.

While you’re at it, go over your other passwords and do the same to ones that are similar to your old ones. Make each of them unique, and never reuse them.

Set up a password manager

Our first bit of advice makes sense for a few logins but isn’t practical on a large scale. The typical user regularly relies on anywhere from 20 to 100 passwords. Double that for It professionals. You’d have to be a savant to remember quality passwords for each. Luckily, you don’t have to.

Password management tools automatically create long passwords that look like gibberish yet are virtually impossible to brute force. You can set up as many as you like and set up a single master password to access them. The manager also makes resetting any or all stored passwords much less tedious.

Reinforce your passwords with 2FA

More services are realizing that a password, however secure, might not be enough. That’s why you should reinforce any accounts that support it with two-factor authentication. Doing so creates another barrier in the form of a code you receive when attempting to log in. A hacker would also need to steal the physical device you receive the code, which isn’t likely to happen.

Look out for official updates

If a data breach causes password theft, the affected company may issue statements and guidelines to its customers. Sometimes the compromise is only partial and might not affect you. Other times, the company will help guide your next steps or offer reimbursement.

Monitor your accounts

Carefully monitoring your accounts for suspicious activity can minimize potential damage. Notify your bank or CC company as soon as you see discrepancies. Take advantage of their online banking services to do this, and don’t forget to claim your free yearly credit report.

If you have reason to believe criminals have stolen your identity, you can even freeze your credit. This prevents the crooks from creating new accounts in your name. It’s an effective last resort but can be inconvenient if you need to make considerable purchases in the near future.

Conclusion

Passwords are imperfect and under increased scrutiny. Users and cybersecurity pros alike are clamoring for alternative solutions. We’ll be stuck with passwords for a while yet, so following best practices regarding their creation and use will make stealing them harder and the consequences of theft not as devastating.

Belayet Hossain

I’m a tech enthusiast, entrepreneur, digital marketer and professional blogger equipped with skills in Digital Marketing, SEO, SEM, SMM, and lead generation. My objective is to simplify technology for you through detailed guides and reviews. I discovered WordPress while setting up my first business site and instantly became enamored. When not crafting websites, making content, or helping clients enhance their online ventures, I usually take care of my health and spend time with family, and explore the world. Connect with me on Facebook, Twitter, Linkedin or read my complete biography.