Nearly all of us use accounts on numerous web sites. Hopefully we are all paying attention to best practices as far as security goes and have a different password on each site – no I don’t always do that either!
Over time there have been numerous account leaks from web sites whose security measures have not always been what they should be. Whilst some of us try to keep up with the news on such matters, it is hardly surprising that people may not be aware that their long-forgotten account credentials on a web site have been disclosed.
The easy way of checking is to use a site like http://haveibeenpwned.com/ which allows you to enter an email address and find out whether it has had a password disclosed in the past.
What If My Account Was Compromised?
The first thing to do is try to produce a list of sites whose password is likely to be the same as that of the compromised web site. If you are anything like me, you may well have no idea what those sites are, so you may have to resort to producing a list of web sites whose account passwords may be the same as that of the compromised site.
Once you have that list, work through it and change the password for each one.
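If your passwords already live in a password store, the list described above can be built from an export instead of from memory. The following is an added example, not part of the original post; it assumes a CSV export with Account, Login Name, Password and Web Site columns (assumed names, rename them to match your store), and the sample rows are constructed.

```python
import csv
import hashlib
import io
from collections import defaultdict

# Constructed sample export; column names are assumptions, rename to match your store.
SAMPLE_EXPORT = '''"Account","Login Name","Password","Web Site"
"Old Forum","me@example.com","Summer2014!","https://forum.example"
"Webmail","me@example.com","Summer2014!","https://mail.example"
"Bank","me@example.com","x9#Lq!v7Tz0p","https://bank.example"
"Photo Site","me2@example.com","Summer2014!","https://photos.example"
"Shop","me@example.com","correct horse","https://shop.example"
"News","me@example.com","correct horse","https://news.example"
'''

def _fingerprint(password):
    # Compare digests so plaintext passwords never appear in the results.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

def load_entries(csv_text):
    """Return (account, site, fingerprint) for every row that has a password."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return [(r["Account"], r["Web Site"], _fingerprint(r["Password"]))
            for r in rows if r.get("Password")]

def sites_sharing_password(csv_text, compromised_account):
    """Accounts whose password equals that of the compromised account."""
    entries = load_entries(csv_text)
    wanted = {fp for name, _, fp in entries if name == compromised_account}
    if not wanted:
        raise KeyError(f"no entry named {compromised_account!r}")
    return sorted((name, site) for name, site, fp in entries
                  if fp in wanted and name != compromised_account)

def reuse_groups(csv_text):
    """Every set of accounts that share one password, largest group first."""
    groups = defaultdict(list)
    for name, _, fp in load_entries(csv_text):
        groups[fp].append(name)
    shared = [sorted(names) for names in groups.values() if len(names) > 1]
    return sorted(shared, key=lambda g: (-len(g), g))

if __name__ == "__main__":
    for name, site in sites_sharing_password(SAMPLE_EXPORT, "Old Forum"):
        print(f"change password: {name} ({site})")
    print(reuse_groups(SAMPLE_EXPORT))
```

The export file holds every password in plaintext, so delete it as soon as the list has been made.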
It is probably a good idea to :-
- Change the account password on every web site you use at least every 2 years. With any luck your appreciation of what makes a strong password will improve over time.
- Review the importance of each web site account you use. Sometimes people may set a weak password on an account they believe isn’t too important … and the importance of an account may well change over time.
- For web accounts that you no longer use, it is still worth changing their password. Set it to something insanely difficult (and store it in a password store such as KeePass).