Published February 21, 2023
Not all notifications warning you your password has been involved in a data leak are legit. Using caution and understanding your browser preferences are key.
Ever login to your UBITName account and get a message from your browser saying that your password was in a data leak and might be unsafe?
It’s a scary feeling. Was my account breached? Was the school’s network compromised?
The short answer, fortunately, is probably not.
The browser you’re using—for instance, Safari or Chrome— will automatically search for passwords that have been involved with data breaches, if you’ve enabled your browser to save your login credentials.
When you get that warning, it most likely means the browser detected the password involved in a leak at some point. It doesn’t mean there was a breach at UB or that your specific account was involved in a breach. In all likelihood, the password you’re using was compromised elsewhere. However, any account that uses this password is at risk and should be changed immediately.
Saving passwords in a browser is risky and should be avoided. If you haven’t enabled your browser to save your credentials and receive a message saying your password was compromised, it could be a phishing scam. Be careful not to click on it.
There are some ways to reduce the changes of this happening. The best way is to use individual passwords for each website you log into. While it can be difficult to remember multiple passwords for different sites, your browser will suggest strong passwords for you.
If you do get a legitimate notification from your browser letting you know that your password has been compromised at some point, the best thing to do is to change it. Your browser may be able to tell you which passwords you use have been compromised and give you the ability to change them.
It may be frustrating to make and remember new passwords, but there's a trick for making hard-to-crack passwords that you can easily remember.
Turn your password into a passphrase by writing an entire sentence that’s specific to you, and quirky enough to remember without too much effort. For example, consider the following sentence: “Triangles are classified according to angles and sides.”
That sentence has 57 total characters, including a capital letter and a symbol. Better yet, it contains no personal information that could lead someone to guess it.