Your password has been compromised, here's what to do about it

September 2, 2016

Nick Gravel

With the news of yet another tech company getting breached, Dropbox this time, we highly suggest heading over to to check if your email(s) are associated with accounts that have been compromised.

Many of you most likely use the same password across many services; if a hacker cracks it on a service like Dropbox, they will try your credentials on other services... perhaps at your online banking site, PayPal account, email provider, etc.

As far as I know, my personal email is associated with 6 data breaches so far:

  • Adobe
  • Dropbox
  • LinkedIn
  • MySpace
  • Tumblr

At one point in time, my Adobe and LinkedIn credentials (both compromised) were the same for my Gmail and PayPal accounts. You should take a few minutes out of your day and do the following:

  1. Check if your email is associated with compromised accounts here:
  2. Change your password on compromised accounts immediately.
  3. If that password was used elsewhere, change the password on those accounts as well. All of them. It sucks, but do it.
  4. Do it!

Basic Password Tips:

  • Use a long password, ideally 10+ characters long w/ mixed lower-case/upper-case/numbers/symbols. To make it easier to remember I suggest setting your password to something meaningful. For example, IllHave2Vodkas! is incredibly hard to crack and yet easy to remember.
  • Learn about multi-factor authentication (sometimes called 2-step authentication), then enable it whenever you can. Gmail,, and many others now offer this heightened security feature. How it works in a nutshell: after you enter your username/password, a time-sensitive token must be provided as well. You'll set this up on a mobile app such as Google Authenticator or Authy (I like one because it has backup options), and your account will be exponentially harder to access by malicious asshats.
  • Learn about password managers. We use 1Password.