How-To Geek

ShouldIChangeMyPassword Tells If Your Password Has Been Compromised

The last year has seen a number of high profile security breaches. ShouldIChangeMyPassword tells you if your login was among the compromised.

The biggest problem with the compromises (such as the high profile ones at Sony, Gawker, MySpace, and more) is that many people use the same password for multiple services. Once hackers know your login at one service they can then try it out at multiple services and potentially gain access to other services.

ShouldIChangeMyPassword calls on the released databases (many of the hacking groups released the compromised account databases as evidence of their successful breach) and tells you if your email as among the breached systems. We plugged in an email address we knew had been involved in at least one breach last year. Here were the results of the search:

So what do you do if your email address shows up as a breached account email address? You need to start changing your passwords. Check out our guide to recovering from a serious password breach for tips and tricks to help lock down your accounts with secure passwords. If you’re in the habit of using the same or similar passwords for most of the services you use, you should change them anyway. ShouldIChangeMyPassword only pulls from the databases that groups have released after high profile breaches; it doesn’t give you an absolute answer on whether or not all your passwords are secure.

ShouldIChangeMyPassword [via MakeUseOf]

Jason Fitzpatrick is a warranty-voiding DIYer who spends his days cracking opening cases and wrestling with code so you don't have to. If it can be modded, optimized, repurposed, or torn apart for fun he's interested (and probably already at the workbench taking it apart). You can follow him on if you'd like.

  • Published 09/5/11

Comments (9)

  1. Gavin

    Heh. Figures, I suppose – the one time was the Gawker hack, which is what finally scared me into making all of my passwords different, anyways. Good stuff. :)

  2. Vishwanath

    This is not working anyway I put any random email id which doesn’t exists and still its showing Green signal.

  3. Luis

    @Vishwanath : It shows green because it is not on their database. It works, you just didn’t read the whole article.

  4. ColdEmbrace

    My info got leaked in the Gawker hack, that was when all my passes changed, Lifehacker and Gizmodo posted this link back when Gawker was hit.

  5. Shawn

    This link/article info is old. Why not write a useful article telling folks how to use programs like KeePass or LiberKey? People are not stupid; they know if they use a weak password or not. The ignorance lies in:

    1) Thinking they’re not important enough to get hacked (but not realizing they can simply be a gateway for more nefarious activities);

    2) Not realizing the extent of the harm that can be done with a compromised password (socially, economically, job-related, credit).

    Furthermore, this article could give SOME users a false sense-of-security if their password(s) are NOT on the list. Stop the fluff.

  6. StevenTorrey

    It seems for every site there is a required password. How does a person remember all those passwords? I would think more times than not one is safe on the internet–the sheer numbers being in your favor. But if one were to acquire an enemy via the internet, and that enemy were to focus on you as an individual, it wouldn’t be hard to hack into a computer, figure out passwords, and wreck havoc with identity theft, bank theft, or mayhem by creating posts in that name. For that reason, I would be reluctant to discuss specifics re anti-virus protection, password creation, etc. And it still comes back to the question of how one remembers all those passwords,

  7. Sherri Stoller

    Here is a link to a newsletter How-To-Geek sent out April 30, 2011. It may give you some helpful information to manage your passwords : )


  8. Jimbo

    Crap, my email “” was hacked. What to do?

    Is anyone else suspicious of a website like this? Excellent way to get email addresses to hack and/or spam.

  9. Buzypea

    @ StevenTorrey – “It seems for every site there is a required password. How does a person remember all those passwords?”

    This is how I do it….

    Just remember one strong password with numbers etc. Then (now this is just an example) take the 3rd and 5th letters from the URL of the website you are visiting and add to the start or end of your already strong password. You then have a unique password for every site but only have to remember one password.

More Articles You Might Like

Enter Your Email Here to Get Access for Free:

Go check your email!