How to find and fix passwords that hackers have stolen

How to find and fix passwords that hackers have stolen

By

How to find and update passwords that hackers already have
If hackers steal the passwords you use to log into websites, your Apple device can warn you and help you change them.
Photo: Cult of Mac

There’s a good chance that some company’s lax security has already let hackers steal the password you use for their website. And it could have happened with a bunch of them. Fortunately, your Apple devices make it easy to find out which of your passwords have leaked out so you can change them.

It’s World Password Day. Take this as an excuse to fix these problems now.

iCloud Keychain helps you deal with too many passwords

You probably have hundreds of websites and applications protected by passwords. I have so many I can’t conveniently count them – I stopped counting at 100 and I was still near the top of the list.

Apple makes it easy to store and use these with iCloud Keychain. With it, your iPhone, Mac, etc. remembers passwords for you, and automatically inserts them into websites and apps. All you have to do is verify your identity with Face ID or Touch ID.

This make it easy for you to use strong passwords and change them periodically because you never have to remember them. Your computer remembers for you.

If you don’t ever change them, you’re opening yourself up to a criminal using your password to, say, buy a bunch of products on Amazon. Or simply empty your bank accounts.

How to find insecure passwords

Beyond simply storing them, your Apple device will also warn you if passwords in iCloud Keychain have been included in a data leak. It’s easy to find which ones these are.

This feature is available on iPhone, iPad and Mac. I’m using iPhone for my example but it’s also an option on the other devices. And you have to be using iCloud Keychain, but that’s something Apple urges you to turn on whenever you set up a new device.

How to find compromised passwords
Go to the Passwords section of settings, see the Security Recommendations, then Change Password on Website.
Photo: Ed Hardy/Cult of Mac

Go to Settings > Passwords. You’ll need to go through Face ID or Touch ID to open this section, of course.

Look for the Security Recommendations section. Next to this is probably a number. This is how many security problems Keychain has found in your password list. You’ll note I have 182 – I need to take my own advice and update some passwords.

Tap on Security Recommendations to open a list of websites and applications for which your passwords have problems. You are told why for each one, with “this password has appeared in a data leak” being the most common reason.

You have the option to tap on each website for a more detailed description of the security problems. This might include a scolding on reusing passwords.

For each password you are given the option to Change Password on Website.

An example of changing a Google password via iCloud Keychain

To give you an example of how easy this is, I’ll change the password for one of my Google accounts when going through Passwords in Settings.

While looking at the list of Security Recommendations, I hit Change Password on Website, which opens the Google sign-on screen. I have to sign in to the Google account before I can change the password, of course. There’s no problem because iCloud Keychain has the user name and current password stored.

Google wants me to go through two-factor authentication so it texts me a code. I supply this and the screen to enter a new password opens.

The only hassle I run into in this process is the browser isn’t smart enough to figure out I want to create a new password, so it won’t automatically suggest a strong one. I have to come up with one on my own, then enter it twice.

Keychain then asks if I should store the new password. I tell it to do so.

And that’s it. The process is very similar with other sites. Or you could just take the iCloud Keychain as a warning and switch over to your favorite web browser, go to the website, and update the password there.

Just do it. You’ll be glad you did.

I get it – changing passwords is kind of a hassle. I’m the guy with 182 security warnings, after all. But it’s worth it.

Any day you discover someone has used one of your leaked passwords to steal money from you is a bad day. Changing your passwords goes a long way toward preventing that.