Chrome says my password has been compromised, what should I do?

I'm going to try to do tips daily, or at least semi-regularly, because this way you don't have to go on a mad dash to find out what to do about this kind of issue.


Ok so here's a scenario.  You are browsing along on the internet, doing your thing and suddenly, as you are asked to log into a particular website, Google Chrome or Firefox tells you that "This Website has had some usernames and passwords compromised."  What do you do?

First, verify that the message is actually coming from your browser.  An actual message from the browser will look like this: 

On your phone, it looks somewhat similar:


I pulled these images from another article by the Sun, just because I couldn't think of a site offhand that had an issue.  However, I have seen this warning in person, so it's an actual, real, verifiable thing.

A word about trusting everything you read on the internet: don't!  If you are using a different browser than Chrome and you see a pop-up similar to this, please be sure to verify where the pop-up is coming from!  Spyware is sneaky and it'll try to emulate this warning to attempt to compromise your password!

I know, what jerks!

Ok, so if you get this warning, or if you have any suspicion at ALL that your password may have been compromised, you should do the following:

1. Run an anti-spyware suite, such as Malwarebytes.  (I am using this program as an example because it's one I've used before in both the home and enterprise, aka work, environments.)

2. Make sure you get this anti-spyware suite from somewhere you can trust for your downloads.  I usually use CNET's Download.com, but even they get a bit spammy.  Use your judgment, and if you mess up just send me an email at support@techwitchdetroit.freshdesk.com; this will open a ticket in my system and I'll do what I can to help you out!

3. After you have tested your computer to make sure you do not have a keylogger (by running your anti-spyware suite), go to the website in question and change your password.  You may need to look up the particular site's FAQ to figure this out, but the resources are there if you are willing to look!

4. Make your password as complex as you can, as simply as possible!
    4.1 Let me break this down for you.  Passwords generally require a capital letter, a lower case letter, a number, and a special symbol.  Some websites, although not many anymore, will not allow you to use a special character, so use the website you are changing the password on as guidance.

    4.2 Take for example the word Password, which should NEVER BE USED AS A PASSWORD.  Just, don't.  Also, no usernames.  We're going to use it as an example here, however, so that you can see the concept in action.  Password.  Ok, so which letters in this word can we CHANGE so that it still looks like the word we want to use, but uses something other than letters to up the complexity?  What I see is that the P could be a 9, the A could be a 4, the S's could be 5's, the W kinda has to stay as it is, the O could be a zero (0), the R can stay as it is, and the D could be replaced by an 8 or a 6.  If you wanted to get kinda creative, you could substitute an @ sign for the A too.

    4.3 Change the password using these tips.  This will allow you to use the same password as far as your memory is concerned, but the computer will see it as a completely different thing.



If you are having a hard time remembering passwords, you may consider a passkey program such as LastPass or the default one provided through the browser by Google, but understand that using these programs can create another risk if the program becomes compromised by an outside party.  This is incredibly unlikely to happen, but possible.  Another option is to keep a book of passwords near your computer.
Yes, I mean like a pen-and-paper notebook that you can keep on your desk or around your computer somewhere.  However, when you write your passwords down, you DO NOT want to make it extra clear what account the password is for, except to you and people who may need to log into your accounts in case of emergency.

As an example, let's say you want to write down your password for your cell provider.
Maybe you'll write something like the following:

Ring Ring
My primary home email
P455W076

Jake's place
My work email
5t@t3F@7m

This is a way to encode the language you need to provide yourself context but still obscure it enough that people have no idea what the heck you are on about.  If you are very concerned about a personal emergency, make sure you have someone you trust look over the book with you regularly so that they can figure out your coding.

In short, don't panic, just change your password!

ADVANCED MOVES!

If you suspect one of your accounts is being used, but not by you, you'll want to find out how to log all others out of your account.  Most popular services have this option.  
Let's say folks are getting weird messages from you on Facebook that definitely aren't coming from you.
First, figure out how to log all other devices out of your account.  Do this FIRST and have it in your mind; maybe even have the walkthrough on how to do it open in another tab on your browser.

Second, change the password to something completely different.  For things like your social media or banking, you'll want to choose VERY LONG passwords with ample complexity.  For example, use a full sentence or phrase, then do the number/symbol replacement game.  Change your password, then log all of the other devices out.

Third, while you are thinking about it, grab any other devices you have around that you may be accustomed to being logged into the account on, and make sure you log them back in while it is fresh in your mind.  Also, if you are keeping track of passwords in LastPass or in your personal notebook, make sure that you remove the old password by scratching it out or using white-out, and MAKE SURE YOU DATE IT, since some websites will allow you to log in with old passwords.

Well, you may be asking: if the person who logged in as me has the old password, can't they just log back in?  The answer is typically no.  Algorithms are usually pretty good at picking up our habits, and they're likely going to flag any unusual behaviors, right after a password change in particular.