• Tara Grey

Why is Chrome Saying I Have Compromised Passwords?


Password theft has been a major problem for a while, and it’s compounded by the fact that your passwords can get breached through no fault of your own.


Even if you’ve been through PC security tutoring to help you adopt good password best practices, you can still have your user login breached through a hack of an online shopping site or another website you use.


Just to give you an example: In March of 2021, Hobby Lobby had a database hacked. The hack exposed over 300,000 customer records, including customer phone numbers, email addresses, the last four digits of their payment card, and more.


Other retailer breaches that allowed the personal information of customers to be stolen include:

  • Target

  • Marriott

  • Geico

  • Estee Lauder

  • Walgreens

Knowing that background information on how passwords and other personal information can be compromised will help this next section of the article make more sense.


Have You Seen This Chrome Password Warning? (Yes, It’s Legitimate)


When you’re trying to log into a site you visit regularly, you may have been shocked to see a popup about a password being breached.




A warning like this can immediately make someone think they’ve gotten a virus or something else is wrong with their computer.


How could their password be compromised when they’re really careful about their password security?


This popup that you see in Google Chrome is not a scam (although watch out for scammers to begin taking advantage of it!). It’s a fairly new security tool that Google and other browser providers have put in place to alert users of breaches of their passwords.


What Does Compromised Mean?


Google taps into a database of compromised records from all types of breaches, including those that I mentioned earlier (Hobby Lobby, Target, etc.). It then matches that against two things:

  • Passwords that you have saved in the Chrome browser

  • Passwords that you enter into a form

When it says a site or app exposed your password, it means that either an application or a website that you use a login for had a data breach of some kind.


You may not even know about it yet, because unfortunately, not all users get notified in a timely manner that their information has been breached.


Why Do I Need to Change My Password?


When you click the “Check passwords” button on the Google warning, you’ll find a list of sites that use passwords that have been compromised.





Each of those sites might not have been breached, but it’s listed because it’s using a password that has been compromised.


People often use the same password for different sites because passwords are hard to remember. Plus, we have to deal with so many of them daily.


Say that you use “password123” (which I hope you’re not really using!) on the following logins:

  • Online banking website

  • Task management application

  • iCloud account

If the company providing the task management application has their database hacked and your password is exposed, then all three sites would show as having a compromised password. It only takes one!


What Do I Need to Do?


When you see that password warning in Chrome, you want to do the following.

  1. Click the “Check passwords” button.

  2. You’ll now be at your password settings page in Chrome

  3. Look for the Compromised passwords heading and the text that says, “Change these passwords immediately to keep your account safe:”

  4. On the first one (and then each subsequent one), click the “Change password” button.

  5. You’ll be taken to the login page of that website. (Why? Because Chrome can’t change all your passwords for you, it can only direct you to the website so you can do it yourself.)

  6. Sign in to the site. (Note, you will see the Google password warning popup again, just cancel that this time, as you’re already addressing the issue.)

  7. You’ll now need to navigate to the area to change your password on that website. Change your password using a strong, unique password. You can find a strong password generator here.

  8. If your password is stored in Chrome, make sure to click “Update” when the popup window comes up asking you to update the stored password. If you don’t do this, then Chrome will still think that website has a compromised password, it also will no longer have the right password stored.


Note, Step 7 can be tricky because each website is going to have a different process to change your password. It’s usually found in the “My Account” area, and then you may find it in either “Preferences” or “Security.”


If you’re unsure how to get all your passwords changed, please reach out to me at the number at the end of this article and I’ll be happy to help!


While You’re Changing Your Password…


While you’re in the settings updating those compromised passwords, you should set up multi-factor authentication. This will put an extra step in place that will require the entry of a code that is sent to you by text message. This keeps hackers from getting into your account even if they have a compromised password.


Get Help Ensuring Your Passwords are Secure!


A helpful session with CompuTara to review any compromised password warnings and get those handled can take the stress out of addressing this issue.


Schedule your security tutoring session today! Call or text me at 862-368-4893 or Email me here.

References linked to:

https://www.computara.com/services

https://www.identityforce.com/blog/2021-data-breaches

https://www.lastpass.com/password-generator

https://www.computara.com/post/why-it-s-really-important-to-use-multi-factor-authentication-mfa-for-online-banking-and-other-logins

https://www.computara.com/contact

0 comments