When A Company Asks You To Reset Your Password, Should You Be Worried?

We try our best to keep Lifehacker readers aware of recent data breaches and security vulnerabilities that might have compromised their data. Any good website or service should tell you what’s up, too. Sometimes, though, you get an email out of the blue that your account credentials have been compromised — even though the company sending you that information is just fine.

What gives?

As internet security reporter Brian Krebs points out in a recent blog post, a company asking you to change your password doesn’t necessarily mean your account has been specifically targeted, nor that your data was seized by hackers due to poor security measures. It may simply be a proactive measure on the company’s part to help you maintain the security of your account.

Large companies actively cross-check their hashed user data, like your stored password, against other sites' data breaches. They take the plaintext passwords found in those breaches and convert them using the same hashing mechanisms they apply to their own users' passwords. If a resulting hash matches the hash already stored in the company’s database for a user, that person is asked to update their password.
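A sketch of that cross-check, added here as an illustration and not taken from the article or from any company's code. It assumes the service stores a per-user salt alongside a PBKDF2-HMAC-SHA256 hash; the user table, breach pairs and function names are all constructed for the example.

```python
import hashlib
import hmac
import os

ITERATIONS = 10_000  # assumption: kept low so the demo runs quickly

def hash_password(password: str, salt: bytes) -> bytes:
    """The service's own hashing mechanism (assumed: salted PBKDF2)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def make_record(password: str) -> dict:
    """What the service keeps at sign-up: a salt and a hash, never the plaintext."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt)}

# Constructed user database of the service doing the check.
USERS = {
    "alice@example.com": make_record("correct horse battery staple"),
    "bob@example.com": make_record("hunter2"),
    "carol@example.com": make_record("S3parate-and-unique!"),
}

# Constructed (email, plaintext) pairs from an unrelated site's breach.
BREACH = [
    ("bob@example.com", "hunter2"),      # same password reused here
    ("carol@example.com", "carol1999"),  # leaked elsewhere, but different here
    ("dave@example.com", "letmein"),     # not a user of this service
    ("alice@example.com", "Correct Horse Battery Staple"),  # case differs
]

def accounts_to_reset(users: dict, breach: list) -> list:
    """Return users whose stored hash matches a breached plaintext."""
    flagged = set()
    for email, leaked in breach:
        record = users.get(email.lower())
        if record is None:
            continue
        # Re-hash the leaked plaintext with this user's own salt, so the
        # comparison is hash-to-hash and the stored password is never decrypted.
        candidate = hash_password(leaked, record["salt"])
        if hmac.compare_digest(candidate, record["hash"]):
            flagged.add(email.lower())
    return sorted(flagged)

if __name__ == "__main__":
    print(accounts_to_reset(USERS, BREACH))
```

Only the account whose breached password hashes to the stored value is flagged, which is why a reset request of this kind can arrive even though the company sending it was never breached.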

It’s also important to note that these notifications are not the same as unrecognised login attempts or password change requests, which are an indication that someone is trying to actively access your account. While the latter scenario requires a more urgent response, both should be taken seriously—change your password and update your security measures whenever asked, and do it with haste.

That said, passwords are notoriously poor security measures on their own. When you get a note from a company that your password was compromised in an unrelated data breach, consider it a great opportunity to brush up on your password security—as well as all the other security techniques that can keep you safe:
