So You've Been Pwned
You've checked your address at the site breach database at Have I Been Pwned? and got a hit or three. So what now?
- Recognise the Risk. Retrieving passwords from site breaches is one way hackers are able to infiltrate your other services. This is because many people use the same passwords on different services, so if a website has stored your favourite password and is subsequently breached, hackers could now know your email address and favourite password, and they will see what other accounts they can access with that information. This is how people find themselves with their social media accounts vandalised, or their email accounts used for sending spam or online storage hosting malware.
- Reset Your Password. Reset the password on the breached site. Even if you don't use the site any longer, reset it anyway. Use the Cadzow Password Tool if it's on your desktop.
- Reset All The Other Passwords. If you remember the password from the breached site, and you know you used it elsewhere, change those passwords also. If you suspect you used a similar password on certain sites, change those. In fact, while you're at it, change the password for other critical accounts like email, banking, social media. It's probably about time they were changed anyway.
- Use Best Practices In Future. Use random or quasi-random passwords for all accounts. Use different passwords for all accounts.