ProtonBlog
compromised passwords

Compromised passwords are a common issue and probably one of the biggest cybersecurity threats for regular people. How do passwords get compromised, and is there anything you can do to prevent it?

What does “compromised password” mean?

When a password is compromised, it means that it has been revealed somehow or that a password is so weak that it can be easily figured out through a brute force attack of some kind. Either way, it is likely to be known to an attacker. As you can imagine, a compromised password is a major liability as the account it protects is now easily accessed by cybercriminals.

How do passwords get compromised?

There are a lot of situations that can lead to compromised passwords. Some are within our control, while others aren’t. Let’s take a look at a few common scenarios.

Data breaches

Probably the most common scenario, and one completely out of your control, are data breaches. In these cases your data is leaked after a successful cyberattack on a company’s databases, exposing the personal data of everybody that had an account with them, often including their logins and passwords.

Data breaches are disturbingly common, from the large Dropbox breach a decade ago that exposed the data of 68 million users, to the recent AT&T breach(new window) that exposed as many as 73 million people’s data. There’s no end to examples, and companies seem disturbingly cavalier when they happen.

Phishing attacks

Cybercriminals don’t just go after companies, they also like to target individuals, with phishing attacks especially posing a grave danger to your password health. During a phishing attempt, a criminal impersonates a person or institution you trust and tries to get a hold of personal information, such as your login details or bank card numbers. Often they use fake login pages to trick you into sending them your credentials.

These attacks are also disturbingly common and it’s very easy to be fooled by them, even if you are vigilant. The only thing you can do to guard against them is to never share login information with anybody, and be suspicious of unexpected emails and text messages. Proton Mail’s link confirmation feature and other security protections can also help, as can Proton Pass’ hide-my-email aliases.

Poor password habits

While data breaches and other cybercrime are out of your control, the last common way in which passwords are compromised is not: namely using weak passwords. Whether it is through password fatigue or not knowing how important strong passwords are, too many people use passwords that can easily be guessed by enterprising criminals.

Examples include password123, your name, birthplace, or anything else that can be cracked in a dictionary attack. Clever substitutions like P@55word won’t help as hacking programs take into account small changes like this. The only way to keep your password safe is to use long, random passwords.  

How do you prevent passwords from being compromised?

With these factors in kind, how do you keep your passwords from becoming compromised? There are a few things you can do, thankfully. The most important is to always use a password generator to create new passwords, as these programs are the only way you can make a password random enough to thwart dictionary attacks.

The problem with random passwords is that they’re hard to remember; human brains simply can’t handle them. And writing them down is not secure. To fix that you need a program that can store and recall passwords for you, a password manager. Besides keeping your password secure, these programs also autofill your passwords so you don’t have to type them in. 

You likely know password managers if you’re using any major browser. Chrome has one built in. However, it’s not very secure, which is why we developed Proton Pass, a password manager that offers both ease of use and top-notch security.

For example, Proton Pass uses end-to-end encryption for all your data, meaning your passwords are encrypted at all times. Nobody but you can see your passwords, not even Proton. 

We also have a built-in password generator that can create truly random passwords and passphrases that you can more easily remember. As a result, any account you create going forward will enjoy the full benefit of Proton Pass security.

What can you do if your passwords are compromised?

That leaves the question of what you can do if your passwords are compromised. If you think a password is at risk, or your account data has been leaked, changing your password to a more secure one will fix the issue. 

Thankfully, all Proton Pass plans offer access to the Pass Monitor feature that shows you which of your passwords are weak or duplicated and pose a security threat. It also alerts you if your email addresses have shown up in a breach. This gives you ample time to fix the issue.

We can offer these features because, unlike most of our competitors, we’re not beholden to advertisers or venture capitalists; we’re entirely funded by you, our users. As a result, we can focus on what brings you the most value rather than what’s best for our bottom line. If a secure password manager that puts you first sounds good to you, sign up to Proton Pass today.

Protege tus contraseñas
Crea una cuenta gratuita

Artículos relacionados

en
From the very beginning, Proton has always been a different type of organization. This was probably evident from the way in which we got started via a public crowdfunding campaign that saw 10,000 people donate over $500,000 to launch development. As
en
Your online data is valuable. While it might feel like you’re browsing the web for free, you’re actually paying marketing companies with your personal information. Often, even when you pay for services, these companies still collect and profit from y
en
Password spraying attacks pose a major risk to individuals and organizations as a method to breach network security by trying commonly used passwords across numerous accounts. This article explores password spraying attacks, explaining their methods
en
A secure password is your first defense against unauthorized access to your personal information. While there are tools that generate strong passwords, remembering these complex combinations can become a challenge. Even if you use mnemonic devices,
en
Choosing the best email hosting provider for your small business is crucial for maintaining security, control, and compliance with data protection laws.  For one, many popular providers, such as Gmail and Outlook, don’t apply end-to-end encryption b
en
Today, we’re excited to announce new enhancements to Proton Drive’s sharing functionality, giving you greater control over who you share with and how you share your files and folders. This feature builds on how sharing currently works in Drive by le