Always Change Your Passwords After a Breach

Every week or so, news of yet another company’s data breach breaks. Often, the news stories will include a list of what data was or wasn’t compromised: emails, credit card numbers, addresses, etc. When you use Dashlane, if that list includes “passwords,” you’ll automatically receive a security alert telling you to change your affected password and showing you other accounts you’ve stored in the app with reused or similar passwords so you can update those, too.

So, you might assume that if a news story doesn’t include “passwords” on the list of compromised data after a breach, there’s no rush to go reset yours.

But actually, resetting your password for any compromised account, regardless of whether that password was exposed, is exactly what you should do.

Why you should update your password for any compromised account

Even though 91% of people know that reusing passwords across accounts is bad, 59% of people still reuse their passwords—even between personal and work accounts.

There’s a chance the password you’re using on a compromised account is also being used elsewhere. And if someone already has your email address or other personal information from one breach, and then gets your reused password through another, they can put two and two together to hack your accounts.

It’s also possible that the breadth or depth of a breach may not be apparent or reported until months later, so passwords may indeed have been involved. Why take the risk?

The bottom line: No matter the extent of a company’s data breach, you should go change that password ASAP.

How else can Dashlane help after a breach?

Make sure that you’re storing all your online accounts in your Dashlane app—not just your most important ones. Because of the issues with reusing passwords explained above, even some old, throwaway shopping account can come back to haunt you. When all your passwords are in Dashlane, we can show you every account with a reused or similar password so you can secure it.

The Dashlane Premium plan also offers a few extra ways to stay safe after a breach. Turning on Dark Web Monitoring ensures that if your personal information is found on risky sites where it may be available to hackers and spammers, you’ll get an alert so you can secure the related account.

Here are a few more tips for creating strong passwords, and other smart password practices

1. Store passwords securely. If you use Dashlane, you probably know this, but never keep a list of passwords in plain text, like in a Word doc or Google doc. This applies to physical lists, too, especially in public places like an office. Keeping your passwords—all your passwords—in Dashlane means they’re protected by the strongest encryption, and everything is accessible to only you.
2. Make them unique and strong. The strongest passwords are strings of random characters, because they’re the hardest to crack with simple brute force or dictionary attacks. That’s why Dashlane’s Password Generator creates passwords that look like a cat walked on your keyboard. It may be tempting to just store your current, weak passwords in Dashlane, but don’t stop there: Head to your Password Health section and pick a few weak passwords to update every week. 
3. Turn on 2FA. For your most important accounts, like banking and email, use two-factor authentication (2FA). 2FA adds an additional layer of protection by requiring a second verification that you are who you say you are when you log in—usually via a code sent to your phone or email. When 2FA is enabled, even if someone gets a hold of your password, they still won’t be able to access your account unless they also have one of your devices. Check out Duo or Google Authenticator for 2FA options.

The tips above might seem like a lot if you try to do them all at once. Instead, pick at least one per week to implement in your digital life, and you’ll be more secure online right away!