In my last article I discussed password etiquette.  In this article I will discuss what to do if you feel your password has been compromised.  I reference the last article as it’s good to know what criteria to follow to setup a strong password.

So, what do you do if you think your password has been compromised?  You will want to start with changing the password on the compromised account, if you still have access to it.  If you have trouble gaining access to the account, visit the provider’s site for instructions on recovering the account.  Review my last article that discusses steps to create a new password.  Most of you have heard over and over how to create a complex password.  Remember the longer the better and add rAnd0m #@s!.  Don’t forget to download or use a password manager since you really shouldn’t have the same password for all accounts or websites.

Next you will want to look at the account that was compromised.  If it was an email account, check if phishing emails were sent to your contacts.  If so, reach out to them to let them know you were compromised.  Also check your mail settings to make sure nothing was changed like a forward setup to an unfamiliar email address.  If your account was compromised through malicious software, scan your computer to make sure it hasn’t been infected with Malware or viruses.  If you don’t have a virus scanner, Windows has a built-in program called Windows Defender.  Avast and AVG are among many virus scanning companies that offer free anti-virus software for Windows and Mac.

Make sure you reset any other websites or accounts that might have had the same password that was compromised.  When the bad guys get your password for one site, they go and try it out on other sites.  That means if you used the same password elsewhere, say your bank account, they could now have access to that.

If you are still with me and you’ve made it this far, you may be thinking, “This article doesn’t apply to me, I haven’t been compromised.”  So, you should wait until you are compromised to take action?  NO!!!  Take a look at the site https://haveibeenpwned.com/.  What this site does is allows you to see if your email address has been leaked or compromised.  Simply enter your email address to see a list of all known data breaches with records that tie to your account.  An awesome service this site offers is a “Notify Me” subscription to send you notifications about future breaches.  This allows you to get an email any time your personal information is found in a new breach.  I highly suggest checking all your email accounts on ‘Have I Been Pwned’.  If you have been ‘pwned’ you now have the know-how to fix any account that might be listed.

Happy surfing.

Kena Mann