Should I always change my password after a breach?

NSA’s partner, Dashlane, shared this article with us about password safety in the aftermath of a data breach. Unfortunately, cyber security events of this kind are happening with increasing frequency. Just this month, shortly after launching, Disney+ was hacked, exposing the data of subscribers to cybercriminals. In fact, that information is already on sale on the dark web.

Pay special attention to Eléonore’s simple password tips. They are easy, actionable, and can keep you safer. -Editor


Every week or so, news of yet another company’s data breach breaks. Often, the news stories will include a list of what data was or wasn’t compromised: emails, credit card numbers, addresses, etc. When you use Dashlane, if that list includes “passwords,” you’ll automatically receive a security alert telling you to change your affected password and showing you other accounts you’ve stored in the app with reused or similar passwords so you can update those, too.

So, you might assume that if a news story doesn’t include “passwords” on the list of compromised data after a breach, there’s no rush to go reset yours.

But actually, resetting your password for any compromised account, regardless of whether that password was exposed, is exactly what you should do.

Why you should update your password for any compromised account

Even though 91% of people know that reusing passwords across accounts is bad, 59% of people still reuse their passwords—even between personal and work accounts.

There’s a chance the password you’re using on a compromised account is also being used elsewhere. And if someone already has your email address or other personal information from one breach, and then gets your reused password through another, they can put two and two together to hack your accounts.

It’s also possible that the breadth or depth of a breach may not be apparent or reported until months later, so passwords may indeed have been involved. Why take the risk?

The bottom line: No matter the extent of a company’s data breach, you should go change that password ASAP.

Here are a few more tips for creating strong passwords, and other smart password practices

  1. Store passwords securely. If you use Dashlane, you probably know this, but never keep a list of passwords in plain text, like in a Word doc or Google doc. This applies to physical lists, too, especially in public places like an office.
  2. Make them unique and strong. The strongest passwords are strings of random characters, because they’re the hardest to crack with simple brute force or dictionary attacks. Using a password manager like Dashlane helps you create and manage complex passwords.
  3. Turn on 2FA (two-factor authentication). For your most important accounts, like banking and email, use two-factor authentication. 2FA adds an additional layer of protection by requiring a second verification that you are who you say you are when you log in—usually via a code sent to your phone or email. When 2FA is enabled, even if someone gets a hold of your password, they still won’t be able to access your account unless they also have one of your devices. Check out Duo or Google Authenticator for 2FA options.

The tips above might seem like a lot if you try to do them all at once. Instead, pick at least one per week to implement in your digital life, and you’ll be more secure online right away!


About the Author:

Eléonore Le Bihan is the Product Marketing Manager for Dashlane.

Say something about this...
Share on Facebook
Tweet about this on Twitter
Share on LinkedIn
Email this to someone
Print this page