
How do passwords become compromised?

Compromised passwords are a common issue and probably one of the biggest cybersecurity threats for regular people. How do passwords get compromised, and is there anything you can do to prevent it?

What does “compromised password” mean?

When a password is compromised, it means that it has been revealed somehow or that a password is so weak that it can be easily figured out through a brute force attack of some kind. Either way, it is likely to be known to an attacker. As you can imagine, a compromised password is a major liability as the account it protects is now easily accessed by cybercriminals.

How do passwords get compromised?

There are a lot of situations that can lead to compromised passwords. Some are within our control, while others aren’t. Let’s take a look at a few common scenarios.

Data breaches

Probably the most common scenario, and one completely out of your control, is a data breach. In these cases your data is leaked after a successful cyberattack on a company’s databases, exposing the personal data of everybody who had an account with them, often including their logins and passwords.

Data breaches are disturbingly common, from the large Dropbox breach a decade ago that exposed the data of 68 million users, to the recent AT&T breach that exposed as many as 73 million people’s data. There’s no end to examples, and companies seem disturbingly cavalier when they happen.

Phishing attacks

Cybercriminals don’t just go after companies, they also like to target individuals, with phishing attacks especially posing a grave danger to your password health. During a phishing attempt, a criminal impersonates a person or institution you trust and tries to get a hold of personal information, such as your login details or bank card numbers. Often they use fake login pages to trick you into sending them your credentials.

These attacks are also disturbingly common and it’s very easy to be fooled by them, even if you are vigilant. The only thing you can do to guard against them is to never share login information with anybody, and be suspicious of unexpected emails and text messages. Proton Mail’s link confirmation feature and other security protections can also help, as can Proton Pass’ hide-my-email aliases.

Poor password habits

While data breaches and other cybercrime are out of your control, the last common way in which passwords are compromised is not: using weak passwords. Whether it is through password fatigue or not knowing how important strong passwords are, too many people use passwords that can easily be guessed by enterprising criminals.

Examples include password123, your name, birthplace, or anything else that can be cracked in a dictionary attack. Clever substitutions like P@55word won’t help as hacking programs take into account small changes like this. The only way to keep your password safe is to use long, random passwords.  

How do you prevent passwords from being compromised?

With these factors in mind, how do you keep your passwords from becoming compromised? There are a few things you can do, thankfully. The most important is to always use a password generator to create new passwords, as these programs are the only way you can make a password random enough to thwart dictionary attacks.
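The sketch below is an added example, not from the original article and not Proton Pass code. It shows why a substitution like P@55word still reduces to a dictionary word, and how a generator that draws from the operating system's secure random source avoids that. The wordlist is a small constructed sample and every function name is hypothetical.

```python
import math
import secrets
import string

# Constructed sample wordlist; a real check would load a large list
# of leaked and commonly used passwords.
COMMON_WORDS = {"password", "letmein", "qwerty", "dragon", "welcome"}

# Common character substitutions mapped back to the letters they replace.
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "l", "!": "i",
                      "0": "o", "5": "s", "$": "s", "7": "t"})


def is_guessable(password: str) -> bool:
    """True if the password reduces to a listed word after undoing
    case changes, substitutions and a trailing run of digits/symbols."""
    lowered = password.lower()
    stripped = lowered.rstrip(string.digits + string.punctuation)
    candidates = {lowered.translate(LEET), stripped.translate(LEET)}
    return any(c in COMMON_WORDS for c in candidates)


def generate_password(length: int = 20) -> str:
    """Draw every character independently from a CSPRNG (secrets module)."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    for pw in ("password123", "P@55word"):
        print(pw, "guessable:", is_guessable(pw))
    print("generated:", generate_password())
    print("entropy of 20 chars over 94 symbols:",
          round(entropy_bits(20, 94), 1), "bits")
```

A `False` result from `is_guessable` only means the password is not on this sample list; it is not evidence that the password is strong.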

The problem with random passwords is that they’re hard to remember; human brains simply can’t handle them. And writing them down is not secure. To fix that you need a program that can store and recall passwords for you, a password manager. Besides keeping your password secure, these programs also autofill your passwords so you don’t have to type them in. 

You likely know password managers if you’re using any major browser. Chrome has one built in. However, it’s not very secure, which is why we developed Proton Pass, a password manager that offers both ease of use and top-notch security.

For example, Proton Pass uses end-to-end encryption for all your data, meaning your passwords are encrypted at all times. Nobody but you can see your passwords, not even Proton. 

We also have a built-in password generator that can create truly random passwords and passphrases that you can more easily remember. As a result, any account you create going forward will enjoy the full benefit of Proton Pass security.

What can you do if your passwords are compromised?

That leaves the question of what you can do if your passwords are compromised. If you think a password is at risk, or your account data has been leaked, changing your password to a more secure one will fix the issue. 

Thankfully, all Proton Pass plans offer access to the Pass Monitor feature that shows you which of your passwords are weak or duplicated and pose a security threat. It also alerts you if your email addresses have shown up in a breach. This gives you ample time to fix the issue.

We can offer these features because, unlike most of our competitors, we’re not beholden to advertisers or venture capitalists; we’re entirely funded by you, our users. As a result, we can focus on what brings you the most value rather than what’s best for our bottom line. If a secure password manager that puts you first sounds good to you, sign up to Proton Pass today.
