
How do passwords become compromised?

Compromised passwords are a common issue and probably one of the biggest cybersecurity threats for regular people. How do passwords get compromised, and is there anything you can do to prevent it?

What does “compromised password” mean?

When a password is compromised, it means that it has been revealed somehow or that a password is so weak that it can be easily figured out through a brute force attack of some kind. Either way, it is likely to be known to an attacker. As you can imagine, a compromised password is a major liability as the account it protects is now easily accessed by cybercriminals.

How do passwords get compromised?

There are a lot of situations that can lead to compromised passwords. Some are within our control, while others aren’t. Let’s take a look at a few common scenarios.

Data breaches

Probably the most common scenario, and one completely out of your control, is a data breach. In these cases your data is leaked after a successful cyberattack on a company’s databases, exposing the personal data of everybody that had an account with them, often including their logins and passwords.

Data breaches are disturbingly common, from the large Dropbox breach a decade ago that exposed the data of 68 million users, to the recent AT&T breach that exposed as many as 73 million people’s data. There’s no end to examples, and companies seem disturbingly cavalier when they happen.

Phishing attacks

Cybercriminals don’t just go after companies; they also like to target individuals, with phishing attacks especially posing a grave danger to your password health. During a phishing attempt, a criminal impersonates a person or institution you trust and tries to get a hold of personal information, such as your login details or bank card numbers. Often they use fake login pages to trick you into sending them your credentials.

These attacks are also disturbingly common and it’s very easy to be fooled by them, even if you are vigilant. The only thing you can do to guard against them is to never share login information with anybody, and be suspicious of unexpected emails and text messages. Proton Mail’s link confirmation feature and other security protections can also help, as can Proton Pass’ hide-my-email aliases.

Poor password habits

While data breaches and other cybercrime are out of your control, the last common way in which passwords are compromised is not: namely using weak passwords. Whether it is through password fatigue or not knowing how important strong passwords are, too many people use passwords that can easily be guessed by enterprising criminals.

Examples include password123, your name, birthplace, or anything else that can be cracked in a dictionary attack. Clever substitutions like P@55word won’t help as hacking programs take into account small changes like this. The only way to keep your password safe is to use long, random passwords.  
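To see why substitutions add so little, here is an added example (not from Proton or any product named on this page) of the kind of check a signup form can run to reject such passwords: it undoes common character swaps and trailing digits before looking the result up in a wordlist. The wordlist, substitution table and function names are constructed for illustration.

```python
import re

# Constructed sample wordlist; a real check would load a large list of
# common and previously breached passwords.
COMMON_WORDS = {"password", "letmein", "dragon", "london", "alice"}

# Common character substitutions, mapped back to the letters they replace.
SUBSTITUTIONS = str.maketrans({
    "@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
    "0": "o", "5": "s", "$": "s", "7": "t",
})


def candidate_roots(password):
    """Return the base forms a password reduces to once cosmetic changes are undone."""
    lowered = password.lower()
    roots = set()
    # Try the password as typed and with trailing digits/symbols removed,
    # so "password123" and "P@55word!" both reduce to the same base word.
    for form in (lowered, re.sub(r"[\d\W_]+$", "", lowered)):
        roots.add(form)
        roots.add(form.translate(SUBSTITUTIONS))
    return roots


def is_dictionary_based(password, words=COMMON_WORDS):
    """True if any reduced form of the password is a known word."""
    return any(root in words for root in candidate_roots(password))


if __name__ == "__main__":
    for pw in ("password123", "P@55word", "L0nd0n", "Alice2024", "vT9#qLm2xR!eZ4pK"):
        verdict = "reject" if is_dictionary_based(pw) else "no dictionary match"
        print(f"{pw:18} {verdict}")
```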

How do you prevent passwords from being compromised?

With these factors in mind, how do you keep your passwords from becoming compromised? There are a few things you can do, thankfully. The most important is to always use a password generator to create new passwords, as these programs are the only way you can make a password random enough to thwart dictionary attacks.

The problem with random passwords is that they’re hard to remember; human brains simply can’t handle them. And writing them down is not secure. To fix that you need a program that can store and recall passwords for you, a password manager. Besides keeping your password secure, these programs also autofill your passwords so you don’t have to type them in. 

You likely know password managers if you’re using any major browser. Chrome has one built in. However, it’s not very secure, which is why we developed Proton Pass, a password manager that offers both ease of use and top-notch security.

For example, Proton Pass uses end-to-end encryption for all your data, meaning your passwords are encrypted at all times. Nobody but you can see your passwords, not even Proton. 

We also have a built-in password generator that can create truly random passwords and passphrases that you can more easily remember. As a result, any account you create going forward will enjoy the full benefit of Proton Pass security.
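How a generator of this kind can draw random passwords and passphrases, and how much guessing work each represents, is shown in the following added example. It is not Proton Pass code; the alphabet, the 16-word sample list and the function names are assumptions made for illustration.

```python
import math
import secrets
import string

# 52 letters + 10 digits + 32 punctuation characters = 94 symbols.
ALPHABET = string.ascii_letters + string.digits + string.punctuation

# Constructed 16-word sample list, for illustration only; passphrase
# generators draw from lists of several thousand words.
SAMPLE_WORDS = [
    "amber", "basil", "cedar", "delta", "ember", "fjord", "glade", "heron",
    "ivory", "jolly", "kiosk", "lemon", "maple", "north", "olive", "pearl",
]


def random_password(length=20):
    """Pick each character independently with the OS's secure random source."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def random_passphrase(words=SAMPLE_WORDS, count=5, sep="-"):
    """Pick each word independently; repeats are allowed, as with dice rolls."""
    return sep.join(secrets.choice(words) for _ in range(count))


def entropy_bits(choices, picks):
    """Bits of entropy when `picks` items are drawn uniformly from `choices` options."""
    return picks * math.log2(choices)


if __name__ == "__main__":
    print(random_password(), f"{entropy_bits(len(ALPHABET), 20):.0f} bits")
    # The tiny sample list gives a weak passphrase; the same five words
    # drawn from a 7,776-word list would be far harder to guess.
    print(random_passphrase(), f"{entropy_bits(len(SAMPLE_WORDS), 5):.0f} bits")
    print("5 words from 7,776:", f"{entropy_bits(7776, 5):.0f} bits")
```

The strength comes from the number of equally likely outcomes, not from how the result looks, which is why a passphrase is only as strong as its word list is large.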

What can you do if your passwords are compromised?

That leaves the question of what you can do if your passwords are compromised. If you think a password is at risk, or your account data has been leaked, changing your password to a more secure one will fix the issue. 

Thankfully, all Proton Pass plans offer access to the Pass Monitor feature that shows you which of your passwords are weak or duplicated and pose a security threat. It also alerts you if your email addresses have shown up in a breach. This gives you ample time to fix the issue.

We can offer these features because, unlike most of our competitors, we’re not beholden to advertisers or venture capitalists; we’re entirely funded by you, our users. As a result, we can focus on what brings you the most value rather than what’s best for our bottom line. If a secure password manager that puts you first sounds good to you, sign up to Proton Pass today.
