Compromised passwords are a common issue and probably one of the biggest cybersecurity threats for regular people. How do passwords get compromised, and is there anything you can do to prevent it?
- What does compromised password mean?
- How do passwords get compromised?
- How do you prevent passwords from being compromised?
- What can you do if your passwords are compromised?
What does “compromised password” mean?
When a password is compromised, it means that it has been revealed somehow or that a password is so weak that it can be easily figured out through a brute force attack of some kind. Either way, it is likely to be known to an attacker. As you can imagine, a compromised password is a major liability as the account it protects is now easily accessed by cybercriminals.
How do passwords get compromised?
There are a lot of situations that can lead to compromised passwords. Some are within our control, while others aren’t. Let’s take a look at a few common scenarios.
Data breaches
Probably the most common scenario, and one completely out of your control, are data breaches. In these cases your data is leaked after a successful cyberattack on a company’s databases, exposing the personal data of everybody that had an account with them, often including their logins and passwords.
Data breaches are disturbingly common, from the large Dropbox breach a decade ago that exposed the data of 68 million users, to the recent AT&T breach(new window) that exposed as many as 73 million people’s data. There’s no end to examples, and companies seem disturbingly cavalier when they happen.
Phishing attacks
Cybercriminals don’t just go after companies, they also like to target individuals, with phishing attacks especially posing a grave danger to your password health. During a phishing attempt, a criminal impersonates a person or institution you trust and tries to get a hold of personal information, such as your login details or bank card numbers. Often they use fake login pages to trick you into sending them your credentials.
These attacks are also disturbingly common and it’s very easy to be fooled by them, even if you are vigilant. The only thing you can do to guard against them is to never share login information with anybody, and be suspicious of unexpected emails and text messages. Proton Mail’s link confirmation feature and other security protections can also help, as can Proton Pass’ hide-my-email aliases.
Poor password habits
While data breaches and other cybercrime are out of your control, the last common way in which passwords are compromised is not: namely using weak passwords. Whether it is through password fatigue or not knowing how important strong passwords are, too many people use passwords that can easily be guessed by enterprising criminals.
Examples include password123, your name, birthplace, or anything else that can be cracked in a dictionary attack. Clever substitutions like P@55word won’t help as hacking programs take into account small changes like this. The only way to keep your password safe is to use long, random passwords.
How do you prevent passwords from being compromised?
With these factors in kind, how do you keep your passwords from becoming compromised? There are a few things you can do, thankfully. The most important is to always use a password generator to create new passwords, as these programs are the only way you can make a password random enough to thwart dictionary attacks.
The problem with random passwords is that they’re hard to remember; human brains simply can’t handle them. And writing them down is not secure. To fix that you need a program that can store and recall passwords for you, a password manager. Besides keeping your password secure, these programs also autofill your passwords so you don’t have to type them in.
You likely know password managers if you’re using any major browser. Chrome has one built in. However, it’s not very secure, which is why we developed Proton Pass, a password manager that offers both ease of use and top-notch security.
For example, Proton Pass uses end-to-end encryption for all your data, meaning your passwords are encrypted at all times. Nobody but you can see your passwords, not even Proton.
We also have a built-in password generator that can create truly random passwords and passphrases that you can more easily remember. As a result, any account you create going forward will enjoy the full benefit of Proton Pass security.
What can you do if your passwords are compromised?
That leaves the question of what you can do if your passwords are compromised. If you think a password is at risk, or your account data has been leaked, changing your password to a more secure one will fix the issue.
Thankfully, all Proton Pass plans offer access to the Pass Monitor feature that shows you which of your passwords are weak or duplicated and pose a security threat. It also alerts you if your email addresses have shown up in a breach. This gives you ample time to fix the issue.
We can offer these features because, unlike most of our competitors, we’re not beholden to advertisers or venture capitalists; we’re entirely funded by you, our users. As a result, we can focus on what brings you the most value rather than what’s best for our bottom line. If a secure password manager that puts you first sounds good to you, sign up to Proton Pass today.