What are Compromised Passwords?

Introduction

Since 2020, the Safari web browser on Apple devices can display when one of the saved passwords for websites or apps has been compromised. But what does that actually mean? And what measures are necessary when such a warning appears?

Here we explain what's behind the term and what to do when there are problems with your login credentials.

Detect and Handle Compromised Passwords

  • Use Strong Passwords
    A strong password is at least 12 characters long and includes a mix of uppercase and lowercase letters, numbers, and special characters.
  • Uniqueness Matters
    Use a unique password for each account.
  • Two-Factor Authentication (2FA)
    Enable two-factor authentication wherever possible.
  • Use Password Managers
    Password managers help you generate and securely store strong, unique passwords.

What Does "Compromised" Mean?

Passwords protect your data and access from hackers (Graphic: Midjourney).

A compromise can be equated with exposure. In terms of digitally available information, this means public disclosure. Compromised passwords are therefore security keys that have been exposed due to security vulnerabilities, hacking attacks, or other data breaches.

In addition to simply publishing stolen login data, cybercriminals can also offer it for sale. Regardless of the exact approach, stolen and possibly published credentials are referred to as compromised passwords.

What does it mean when a password is compromised? (Graphic: Midjourney)

How Do I Find Out if My Password Is in Someone Else's Hands?

On Apple devices, in addition to the Safari browser warning mentioned at the beginning, there are other ways to find out if saved passwords have been stolen and used by others. To do this, open the password overview: in current versions of macOS, iOS, iPadOS, and others, it is found in Settings or System Settings under "Passwords". There, click or tap on "Security Recommendations".

If passwords have been compromised, there will be a "High Priority Recommendations" section. It might say something like this about a compromised account:

"This password has appeared in a data leak, which puts this account at high risk of compromise."

In this case, log in to the affected account as quickly as possible with the known login data and change the password. You should also keep an eye on passwords in apps and change them regularly if necessary.
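The checks described above (the strength rules, unique passwords per account, and a match against leaked passwords) can be combined into one audit of saved logins. This is an added example, not part of the original article and not how Apple's feature is implemented; the account names, passwords and leak list are constructed, and comparing SHA-1 hashes is an assumption of this example.

```python
import hashlib
import string
from collections import defaultdict

# Constructed sample data: saved (account, password) pairs.
SAVED_LOGINS = [
    ("mail.example", "Summer2020"),
    ("shop.example", "Summer2020"),
    ("bank.example", "t7#Qm!vR2x&Lp9Zd"),
    ("forum.example", "correcthorsebattery"),
]
# Constructed leak list, stored as SHA-1 hashes (assumption) so the
# list itself never has to hold plaintext passwords.
LEAKED_SHA1 = {hashlib.sha1(p.encode()).hexdigest() for p in ("Summer2020", "123456")}

def strength_issues(password):
    """Return which of the article's strength rules the password fails."""
    issues = []
    if len(password) < 12:
        issues.append("shorter than 12 characters")
    checks = {
        "no uppercase letter": str.isupper,
        "no lowercase letter": str.islower,
        "no number": str.isdigit,
        "no special character": lambda c: c in string.punctuation,
    }
    for label, test in checks.items():
        if not any(test(c) for c in password):
            issues.append(label)
    return issues

def audit(logins, leaked_sha1):
    """Map each account to its findings: leaked first, then reuse, then weakness."""
    by_password = defaultdict(list)
    for account, password in logins:
        by_password[password].append(account)
    report = {}
    for account, password in logins:
        findings = []
        if hashlib.sha1(password.encode()).hexdigest() in leaked_sha1:
            findings.append("HIGH: appeared in a data leak")
        others = [a for a in by_password[password] if a != account]
        if others:
            findings.append("reused on " + ", ".join(others))
        report[account] = findings + strength_issues(password)
    return report

if __name__ == "__main__":
    for account, findings in audit(SAVED_LOGINS, LEAKED_SHA1).items():
        print(account, "->", findings or ["ok"])
```

A long password such as the forum entry is not in the leak list and not reused, yet it still fails three of the four character-class rules, so each check catches something the others miss.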

Logins to different services should always have different passwords (Graphic: Midjourney).

Without Apple's Help: Finding Out if Email Addresses Were Found in Hacks

If you don't manage your passwords through iCloud or services like 1Password, you should be even more careful to change your passwords regularly. However, to specifically search for possible data theft, there are various services on the web where you enter your email address and then see whether and in which data leaks this address has appeared.

One of these services is available at haveibeenpwned.com. In addition to individual searches, it offers a notification service that alerts you if the registered email address is found in future leaks.

There are services where you can check if your email address has been compromised.

Author: Sadaghian Team
