How to Check if Your Passwords Are Compromised

No matter how strong you set your login credentials, they might be compromised if a website where you previously logged in has a data breach. Consequently, if the breached data is leaked publicly, anyone can log in to your account.

While some websites offer notification when someone attempts to access your account from another device, not all websites have this feature. Therefore, you may be completely unaware if someone tries to access your account. So it is always a good idea to check if your passwords have been compromised.

Check Compromised Password On Browser

Most browsers allow you to check if a password is compromised. It checks the database of breached websites and determines if it matches the username and password saved on the browser. 

So first, you need to have the password saved on the browser to check whether the password has been compromised.

On Google Chrome

For the Chrome browser, you can either use your Google account or the browser itself to check for a compromised password. 

1. Open any web browser and go to Google Account Password Manager.
2. Make sure that you are logged in to your Google account.
3. Click on Go to Password Checkup.
   
4. Click on Check Passwords.
   
5. Again, type the password to your Google account. If you are on a mobile device, it might ask for a pin, fingerprint, or FaceID.
6. Now, the browser should display all your compromised, reused, and weak passwords.
   

Alternatively, you can also check the saved password from Chrome’s browser settings.

1. Open Google Chrome and type chrome://settings/passwords in the address bar.
2. Click on Check Passwords. 
   
3. Chrome will now scan all your saved passwords.
   

On Edge

Microsoft Edge checks the saved password in the database of known public data leaks that are stored on the internet. If any username/email and password match the username-password from the leaks, you will get an alert about a compromised password.

1. Open Edge
2. Type edge://settings/passwords on the address bar and press Enter.
3. Under Autofill passwords, click on More settings.
   
4. Make sure that the option named Show alerts when passwords are found in an online leak is enabled. 
   
5. If any saved passwords are compromised, Edge will show you a notification saying Microsoft Edge detected that the password for 1 site has been leaked.
6. Click on View details to get the details about the sites and change their password.

On Firefox

Firefox checks the date of the website breach and the date you saved the password for that particular website. If the website was breached after you saved the password, you get an alert about breached data.

1. Open Firefox.
2. Type about:preferences#privacy in the address bar and press Enter.
3. Scroll down to Logins and Passwords.
4. Make sure that the option named Show alerts about passwords for breached websites is enabled.
   
5. Firefox will now display a notification if it finds any vulnerable passwords.

Check Compromised Password on iOS

iOS devices have their own password manager service where the device monitors the password and checks if they appear in a data leak. Besides this, the manager also identifies whether the password has been used multiple times.

1. Open iPhone Settings.
2. Scroll down and click on Passwords.
   
3. Click on Security Recommendations.
   
4. Here, you can view all passwords saved on your iPhone that are compromised.
5. Make sure that Detect Compromised Passwords is enabled.
   

Check Compromised Password on macOS

You can use macOS’s built-in password manager to save passwords and check if any of them are compromised. 

1. Click on the Apple icon on the top left side of the desktop.
2. Select System Preference.
   
3. Click on Passwords.
4. Enter your password.
5. Here, make sure that Detect compromised passwords is enabled.
   
6. Now, you should be able to see if the password on a website is compromised.

Check for Data Breaches 

A website named Have I Been Pwned keeps a database of breached websites. When you provide your email address, it then checks the database of leaked data for your email address. You can use this website to check if any of your accounts was involved in a data leak. 

1. Go to Have I Been Pwned website.
   
2. Enter your email address and click on pwned?
3. If your email was leaked, it will display a list of websites where your email was leaked.
4. It also shows you what data was leaked such as Email addresses, locations, Passwords, Usernames, etc.
   

What Can I Do if My Passwords Are Compromised?

A compromised password may not always mean that the account is hacked. It just means that the passwords are now public, and anyone can access the account.

You need to make sure that the account is not accessed by anyone. If it is not accessed, the first and obvious thing to do is change the password to those websites right away. If you have the same password set in other accounts, we recommend that you change them as well.

When resetting a password, make sure that you create a strong password to avoid brute-force cracking. Your password should include numbers, uppercase, and lowercase symbols and should be at least 10 characters long. 

If possible, enable two-factor authentication (2FA) on websites that contain sensitive information. It makes it impossible to log in to a new device without an OTP.

However, if the account has been hacked, breached website might send you a notification if a user from a new device is trying to log in to your account. Even if someone changes the password, you might be able to get the account back using the password reset OTP or links.