As internet security reporter Brian Krebs points out in a recent blog post, a company asking you to change your password doesn’t necessarily mean your account has been specifically targeted, nor that your data was seized by hackers due to poor security measures. It may simply be a proactive measure on the part of the company to help you maintain the security of your account.
Large companies actively cross-check their hashed user data, like your secure password, by running plaintext passwords found in various data breaches through the same hashing mechanisms they use for their own users. If one of these hashed passwords matches the hashed data already in the company’s database for a user, that person is asked to update their password.
So this may be a good proactive measure, unlike unrecognised attempts or a lock-out, but the ability to compare your password in this fashion usually also means your service provider can easily reset your password to gain access to your account, unlike services where, if your password is forgotten, so is your data.
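The cross-check described above, sketched as an added example (not code from Krebs, Lifehacker or any named company): the provider never reverses its stored hashes, it only re-hashes each leaked plaintext with that user's own salt and compares. The PBKDF2 scheme, the record layout, the function names and the sample accounts are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

# Assumed storage scheme for this example: per-user random salt + PBKDF2-HMAC-SHA256.
ITERATIONS = 100_000

def hash_password(password: str, salt: bytes) -> bytes:
    """Hash a plaintext password exactly the way the (hypothetical) service stores it."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def make_record(password: str) -> dict:
    """Build a stored credential record; the plaintext itself is never kept."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt)}

def users_needing_reset(user_db: dict, breach_pairs: list) -> list:
    """Return our users whose current password appears next to their address in a breach dump."""
    flagged = set()
    for username, leaked_password in breach_pairs:
        key = username.lower()
        record = user_db.get(key)
        if record is None:
            continue  # leaked address is not one of our accounts
        # Re-hash the leaked plaintext with THIS user's salt, then compare in constant time.
        candidate = hash_password(leaked_password, record["salt"])
        if hmac.compare_digest(candidate, record["hash"]):
            flagged.add(key)
    return sorted(flagged)

# Constructed sample data: our own user table (salted hashes only).
USER_DB = {
    "alice@example.com": make_record("correct horse battery staple"),
    "bob@example.com": make_record("Summer2019!"),
    "carol@example.com": make_record("x9$Lq0-unique"),
}
# Constructed sample data: address/password pairs from some other site's breach.
BREACH_PAIRS = [
    ("bob@example.com", "Summer2019!"),   # password reused here: match
    ("Alice@Example.com", "hunter2"),     # our user, but a different password: no match
    ("dave@example.org", "letmein"),      # not our user
]

if __name__ == "__main__":
    for user in users_needing_reset(USER_DB, BREACH_PAIRS):
        print("ask to update password:", user)
```

Only bob@example.com is flagged, because his leaked password hashes to the value already stored for him; the other accounts are untouched and no stored hash is ever turned back into a password.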
Some good practical tips about passwords are also at https://lifehacker.com/when-a-company-asks-you-to-reset-your-password-should-1837516590
#passwords #security
When a Company Asks You to Reset Your Password, Should You Be Worried?
We try our best to keep Lifehacker readers aware of recent data breaches and security vulnerabilities that might have compromised their data. Any good website or service should tell you what’s up, too. Sometimes, though, you get an email out of the blue that your account credentials have been compromised—even though the company sending you that information is just fine.