In this article, we are going to talk about what to do if your password is hacked.
A password is never 100% safe. Any company, at any time can get hacked and your password can be stolen. Because of this harsh reality, there’s a good chance that your password has already been compromised. If you suspect that your password has been hacked or compromised, there’s a couple of things you need to do immediately in order to minimize your exposure.
First, and this is the most obvious one is go directly into all the accounts you have change your password there. Do NOT, under any circumstance, click on a link from an email stating your account has been compromised. This is most likely a phishing attempt and you can very easily fall victim of this type of attack. If your password wasn’t actually compromised before and if you click on the link and follow through, your password sure is compromised now. By going to the website directly, you control the URL that you visit and you can check for SSL encryption as well. We’ll be talking about it in a future article, but you should be updating and changing your passwords regularly, regardless of a known hack or not.
The next thing to do once your password has been compromised is to set up 2 factor authentication (2FA). By doing this, you add a layer of security and if someone tries to change your password, then they’ll also need to have your phone or some other item in order to continue. Keep in mind, if you password is compromised, an attacker may know your password. If they use your password on lets say your banking website, they log in as you. Once logged in, they can change the password, keeping you out. With 2FA, the system will prompt for a code or something that typically goes to your cell phone via text or email. This added layer of security will either deter the attacker or prevent them from changing your password. If you ever get a 2FA notification and you didn’t “trigger” it, change your password immediately.
The last thing to do once your password has been compromised is to change your user names. Having a compromised password is one piece of the puzzle. The second piece is knowing the username. Oftentimes, as we are creatures of habit, we use the same username for a lot of different places. If your password is compromised and usernames happen to leak, or your username is something like your name, an attacker might be able to log into your account and make changes. Changing your username often adds yet another layer of security.
These are the three things I recommend to do if you think your password has been hacked or compromised. With that said, there are many different ways that a password can be hacked. The focus of this article was mainly on if a website you use gets hacked and their stored passwords are compromised. There are of course many other ways to get your password compromised such as having a keylogger installed, a social engineering attack, a phishing attack, and many others. No matter the situation, it’s a good practice to enable 2FA AND change your passwords often. It’s better to be safe than sorry.