Unless you're a technological ascetic your login credentials will be part of a data breach. There are too many services, too many half-assed security measures, too many bugs in underlying libraries and protocols, too many novel attack vectors, and too many bad actors and too much attack surface to not be caught up in a breach sooner or later. The only questions are when it will happen and which service will be compromised.
If you're lucky the service will notice the breach quickly and notify you to change your password. If you're unlucky your credentials could be out there for months or years without knowing about it. There are services like have i been pwned? that will tell you whether or not your email address has shown up in a leak but that information by itself is useless. You need to know the site/service associated with the credentials and they don't tell you that – not for free, anyway. That's why I'm excited about what Chrome is doing here. It's not quite a pro-active notification to go reset your password, but as long as you access a site regularly you should find out that your credentials for that site have been compromised and need to be changed.
This is why you should never reuse passwords. Get a password manager and use it to generate and manage strong, unique passwords for every account you have. That way when your credentials leak from one service they can't be used to access other services as well. Your strongest password should probably be your email account, since that's the usual channel for resetting a forgotten password. If someone gets access to your email they can probably get access to virtually everything else.
There are no comments yet.