Many of your 'secure' passwords will have been leaked or compromised -- here's how to easily check and change them
I reuse passwords regularly. But, here’s the thing -- I only do so on websites where that doesn’t matter. Sites that I don’t need to revisit regularly, or at all, and which don’t hold any personal information on me. Those passwords tend to be short and easy to guess, and get leaked in breaches all the time. It’s no big deal.
What is a big deal, however, is when one of my carefully curated, long, complicated and never reused passwords gets leaked. And that can, and does, happen. There are a number of ways to find out if your passwords have been compromised, including using HaveIBeenPwned. But for this article I’m going to show you the best and easiest ways to find out which passwords have been leaked. I will warn you now: you may be in for a very nasty surprise.
If you have an iPhone, which I do, the process of finding out which passwords have been compromised is incredibly easy. Open Settings, tap on Passwords, and then tap on Security Recommendations. Detect Compromised Passwords should be enabled. If it isn’t, flick the toggle to on.
Below this you will see a list of sites where the currently stored password has appeared in a data leak, and this could include sites like Amazon, Netflix, and more. Under each site is a link you can click to 'Change password on Website', and you should do this for all of your important sites (if you have apps for those sites, you can update your login with the new password details afterwards).
At the bottom of the page you’ll see an 'Other Recommendations' section which lists any sites with reused or easily guessed passwords. Some of these may be worth changing -- it depends how important they are to you, and if the sites hold any personal data.
Google’s Password Check feature has been available in Chrome for a while, and can be accessed by typing chrome://settings/passwords into the browser address bar. Hit enter, and click on Check Passwords. The next page will show you compromised and weak passwords and give you the option to change them.
Last year Password Check was made available on phones running Android 9 and later. (You can check which version of the mobile OS you’re running by going to Settings > About phone.)
Assuming you’re running at least Android 9, the next step is to make sure Google Autofill is enabled on your phone, as this is key to the feature.
Open Settings, tap System > Languages & input > Autofill service, then tap the gear icon next to Autofill service by Google, and make sure Use Autofill with Google is toggled on.
Google will then notify you when a password you use is included in a breach and you'll be able to change it.