compromised password safari notification

• Apple Watch
• Accessories
• Digital Magazine – Subscribe
• Digital Magazine – Info
• Smart Answers
• Let Loose iPad event
• New iPad Air
• iPad mini 7
• Best Mac antivirus
• Best Mac VPN

When you purchase through links in our articles, we may earn a small commission. This doesn't affect our editorial independence .

When Safari flashes a ‘Compromised Password’ warning, pay attention

I brought up a Start Page in Safari 15 and a banner at the top read “Compromised Password.” I first thought that I must have been redirected to a website that looks like the Safari Start Page. The alert looked just like the kind of phishing technique that would lure someone in to entering the password for a site they weren’t visiting.

But on closer examination and a little research, I realized it was legitimate. I’d never received this kind of alert from Apple in Safari, despite the feature first appearing in operating system releases in the third quarter of 2020. (That makes me lucky.)

Because any legitimate security alert will be duplicated and impersonated by phishers and scammers, you can validate that it’s genuine by visiting one of the following locations:

• In iOS or iPadOS, go to Settings > Passwords .
• In Safari, go to  Safari > Preferences > Passwords .
• In macOS 12 Monterey, use Safari or the Passwords preference pane.

In each of those locations, you’ll see an alert about the password in question. If you dismiss the alert in Safari, it won’t appear, however.

Tap or click Change Password on the website, and Apple opens a browser window (within Passwords in iOS/iPadOS) where you can log in and then change your password, and agree to store the new one when the operating system prompts you to update the stored entry. If the site includes a configuration file in a special location , Apple opens directly to a web page for that site where you can change your password without further navigation.

While fixing one password, you can review others. At the top of the Passwords list in iOS, iPadOS, and macOS, there’s a Security Recommendations heading (tap it in iOS/iPadOS). You can scroll through a list of potentially compromised passwords, as well as those that the password system has identified as weak or used by two or more sites. Change those to reduce the risk of having accounts hijacked.

And, while you’re at, sign up for notifications at  Have I Been Pwned? , a website that emails you if email addresses you register with the site appear in a data breach—one that’s dumped in a public repository, or found by researchers. 1Password relies on this database, while Apple seems to consult it along with other sources.

Ask Mac 911

We’ve compiled a list of the questions we get asked most frequently, along with answers and links to columns: read our super FAQ to see if your question is covered. If not, we’re always looking for new problems to solve! Email yours to  [email protected] , including screen captures as appropriate and whether you want your full name used. Not every question will be answered, we don’t reply to email, and we cannot provide direct troubleshooting advice.

Author: Glenn Fleishman , Senior Contributor

Glenn Fleishman ’s most recent books include Take Control of iOS and iPadOS Privacy and Security , Take Control of Calendar and Reminders , and Take Control of Securing Your Mac . In his spare time, he writes about printing and type history . He’s a senior contributor to Macworld , where he writes Mac 911.

Recent stories by Glenn Fleishman:

• Apple Thunderbolt Display requires native Thunderbolt, not just USB-C
• How to find out what devices are logged into your iCloud account
• How to make noncontiguous selections in Pages, Numbers, and Keynote

What to Do If You Get a Safari Compromised Password Alert in macOS

Password alerts can be scary and you should always treat them with caution. Learn how to deal with this specific type on your Apple computer.

Apple is always improving security in macOS, and, as a portal to cyberspace, Safari is often at the forefront of those improvements. Several of the browser’s built-in tools undoubtedly make using the internet safer.

If you’ve launched Safari and seen a “Compromised Password” alert, you’ve likely encountered a very handy security feature. Ideally, you should investigate all warnings that appear on your Mac, but you should also be wary of potential scams. Let’s discuss Safari password alerts in more detail and explain how to fix the issue.

Safari Password Alerts Explained

While a “Compromised Password” notification might look like a phishing attempt, the warning could also be real. If they discover a data leak containing one of your passwords stored in Safari, Apple does notify you with an alert.

Fraudsters could, however, attempt to use a fake pop-up to steer you towards an illegitimate website. If you see a “Compromised Password” warning, you should investigate the issue in your Safari settings. Do not click any suspicious links.

Other less-concerning alerts may also appear among your Safari saved passwords. Possible warnings include “Reused Password” and “Easily guessed password”.

Related: How to Create an Unbreakable Password You Won’t Forget

“Reused” means you’ve used the same password multiple times, which increases the risk of someone gaining access to those accounts. If a website leaks your data, hackers may gain access to your accounts on other sites with the same password, as well as the original site.

“Easily guessed” means you’ve used a password that Apple considers too common. Many websites now have strict password requirements and won’t accept weak login credentials. Short and simple passwords, or those that use familiar patterns, may provoke a warning in Safari.

If you receive any of the alerts mentioned, you should take steps to fix the issue.

Fix Safari Compromised Password Alert in macOS

When attempting to resolve a “Compromised Password” alert in Safari, you should first check to see if the warning is real. Here’s how:

• Go to Safari > Preferences > Passwords .
• Enter your Mac login password or use Touch ID when prompted.
• Locate and select the appropriate entry under Security Recommendations .
• Examine the details of the alert to determine if the threat is real.

If no warning exists within the Safari preferences, you may have encountered a phishing attempt. If, however, the same alert does appear, you should change the password for that account immediately.

Below the warning, a Change Password on Website button should be present. Clicking it will take you to the relevant page where you should be able to reset the password for the affected account.

Related: Features in Safari for Mac That Boost Privacy and Security

While you’re in the Safari password preferences, you should also check for minor warnings against other saved credentials. Other alerts may not be as urgent as a confirmed data leak, but you should always strengthen security whenever you get the chance.

Once you’ve reset any weak or compromised passwords, logging in and saving the updated entry in Safari should clear the alert.

If you really want to prevent Apple from warning you about future data leaks, you can do so. Simply untick Detect compromised passwords in Safari > Preferences > Passwords . However, we don’t recommend disabling any security features without good reason.

Safari Security Is Getting Tighter

Hackers, scammers, and fraudsters are constantly trying to outsmart us and gain access to our private data. Fortunately, major developers put a lot of effort into increasing security with each new software release.

Safari’s security features are multiplying and becoming more robust, which is good news for us. Notifications about compromised passwords are welcome. Any tool that helps protect us and our private information is worth embracing.

Sometimes small changes can have a huge impact, and knowing when a site has leaked your password is certainly useful.

BreachSight

Vendor risk, trust exchange, product features, vendor risk assessments, security questionnaires.

• Security Ratings

Data Leaks Detection

• Integrations

AI Autofill

• Financial Services

eBooks, Reports, & more

This password has appeared in a data leak: how to respond.

Catherine Chipeta

“This password has appeared in a data leak, putting this account at high risk of compromise. You should change your password immediately” – if you own an iPhone or iPad running on iOS 14 or above, you may have received this worrying message lately. Apple rolled out this feature across both devices and Macs as a cybersecurity feature.

If you have received this notification, you might be wondering what it means and what to do next. Read on to learn more.

What is Apple’s Data Security Recommendations Feature?

Apple’s “Security Recommendations” is a password monitoring feature that aims to provide iOS users with additional warning of any data leaks . Security Recommendations ensures users can update their passwords before a data breach occurs, reducing the risk of identity theft or fraud. 

Many cybersecurity regulations require organizations to update customers on where and how their information is being stored. They also must provide alerts and advice when there is a data leak or data breach . 

If user credentials are compromised in a data breach , organizations face hefty fines and serious legal and reputational implications – especially in the healthcare sector and financial industry . 

Learn how to respond to the MOVEit Transfer zero-day >

What is a Data Leak?

A data leak is a security incident where sensitive data is accidentally exposed. Data exposure can occur either electronically or physically. 

• Electronic data leaks often occur when sensitive data is found on the Internet, e.g., through cloud leaks .
• Physical data leaks often occur through lost devices, such as hard drives, laptops, or cell phones.

Unlike a data breach, cybercriminals don’t have to carry out cyber attacks to access sensitive data. Data leaks are usually the result of sub-par data security practices or human error. 

Cybercriminals actively look for data leaks as an easy attack vector into an organization’s systems. Any exposed data will likely result in a data breach without prompt remediation. Once cybercriminals find sensitive data, they can use it for several purposes:

• As part of a larger cyber attack on an organization’s systems, such as data exfiltration ,
• To carry out social engineering scams ,
• To carry out a ransomware attack , or
• To commit identity theft or fraud by selling personally identifiable information (PII) on the dark web .

Learn the difference between data leaks and data breaches >

Why Did I Receive An Apple Data Leak Alert?

Apple’s Security Recommendations feature automatically monitors iCloud Keychain users’ saved passwords for data leaks. Similar to haveibeenpwned.com , it checks your credentials against recognized databases of leaked passwords. The feature alerts you if your password has been exposed in a data leak through one of your saved accounts. 

You’ll receive a notification when you next attempt to log in to any affected accounts, prompting you to change your password or ignore the alert (not recommended).

You’ll be given the option to “Change password on website” or to dismiss the alert with “Not now” . It is strongly recommended that you change your password immediately to prevent further compromise. 

You can also use the in-built Security Recommendations feature to check the overall health of your saved passwords at any time. 

Learn how to respond to the Fortigate SSL VPN vulnerability >

How To Use Apple Security Recommendations

Security Recommendations is located in the Settings App. To access it:

• Open Settings > Passwords > Security Recommendations (you will be prompted to enter your passcode for access).

• Toggle on the “Detect Compromised Passwords”. You can toggle this off at any time, but you will be at high risk of having your personal information compromised.

The screen will display a list of High Priority password security issues, with one of three alerts:

1. “This password has appeared in a data leak, which puts this account at high risk of compromise. You should change your password immediately.”

Data leaks are the first step to a data breach. If you receive this alert, your sensitive data is in danger – it’s strongly recommended to follow the notification’s prompts. 

2. “You’re reusing this password on other websites which increases the risk to this account if one of those other accounts is compromised.” 

Re-using passwords has a domino effect if a data leak occurs, leaving all accounts that reuse this password at risk of compromise. 

3. “This password is easy to guess.”

Cybercriminals’ hacking methods are becoming more sophisticated by the day. Weak passwords are easier to crack and hackers are more likely to gain unauthorized access to your account if you are using one.

Read Apple’s Guide to Password Security Recommendations.

How To Protect Against Data Leaks

Use password managers with caution.

Password managers are a popular choice for users looking to store their credentials efficiently, without the pain of memorizing countless unique passwords. All major browsers currently include password management functions, including Safari, Chrome, and Firefox.

There are also many third-party password management solutions, like 1password and LastPass. They operate by storing a single master password, secured by strong encryption algorithms and methods , such as hashing.

While these solutions use strong cybersecurity methods to ensure the protection of your personal information, it’s important to remember that all third-party providers carry risks . For example, LastPass was targeted by hackers in a data breach in 2015 . While master passwords remained safe, other sensitive data was compromised, including:

• User email addresses
• Password reminders
• Server per user salts
• Authentication hashes

Learn how to avoid data breaches with this free guide >

Keep Your Software Up To Date

Zero-day vulnerabilities emerge daily and developers work quickly on software patches before cybercriminals exploit them . These security updates are only effective if users are also quick to install them. While updates can be a slight inconvenience, allowing a cybercriminal to gain access to your personal information is much worse. 

Get a free evaluation of your organization's data breach risk, click here to request your instant security score now.

Change Your Password Regularly 

Many apps and services require you to update your password regularly to maximize account security. For those that don’t, it’s still best practice to do so. Periodic updates create a smaller window of opportunity for hackers in the event of a data breach and serve as an ongoing reminder of what accounts you have active. 

Delete Inactive Accounts

Accounts use no longer use are an easy target for cybercriminals as their security protection is more likely weaker than that of your frequently used services. Keeping track of all your accounts and deleting any inactive ones is a simple way to decrease your vulnerabilities and maintain visibility over your attack surface .

Set Up Two-Factor Authentication (2FA) or Multi-Factor Authentication (MFA)

Harsher regulations for third-party data breaches means organizations (especially SaaS products and services ) are focused on enhancing account security. Most reputable online services require or at least strongly recommend setting up 2FA or MFA to secure account access. These mechanisms provide additional protection against account compromise by prompting extra authentication, such as biometrics , security codes, or one-time passwords (OTPs). 

Create Unique and Strong Passwords

Weak passwords leave your accounts vulnerable to brute force attacks , a popular credential-guessing method used by hackers to gain authorized access to sensitive data. If one password is exposed in a data leak, then all accounts that use the same password are now at risk too. Creating new passwords across all accounts costs time, but a hacker accessing your credit card details will cost you money. 

Learn how to create a secure password >

Watch the video below for an overview of UpGuard's data leak detection features.

Reviewed by

Kaushik Sen

Ready to see upguard in action, ready to save time and streamline your trust management process, join 27,000+ cybersecurity newsletter subscribers.

Related posts

The top cybersecurity websites and blogs of 2024.

14 Cybersecurity Metrics + KPIs You Must Track in 2024

What are security ratings cyber performance scoring explained, why is cybersecurity important, what is typosquatting (and how to prevent it), introducing upguard's new sig lite questionnaire.

• UpGuard Vendor Risk
• UpGuard BreachSight
• Product Video
• Release notes
• SecurityScorecard
• All comparisons
• Security Reports
• Instant Security Score
• Third-Party Risk Management
• Attack Surface Management
• Cybersecurity

About Apple threat notifications and protecting against mercenary spyware

Apple threat notifications are designed to inform and assist users who may have been individually targeted by mercenary spyware attacks.

Apple threat notifications are designed to inform and assist users who may have been individually targeted by mercenary spyware attacks, likely because of who they are or what they do. Such attacks are vastly more complex than regular cybercriminal activity and consumer malware, as mercenary spyware attackers apply exceptional resources to target a very small number of specific individuals and their devices. Mercenary spyware attacks cost millions of dollars and often have a short shelf life, making them much harder to detect and prevent. The vast majority of users will never be targeted by such attacks.

According to public reporting and research by civil society organizations, technology firms, and journalists, individually targeted attacks of such exceptional cost and complexity have historically been associated with state actors, including private companies developing mercenary spyware on their behalf, such as Pegasus from the NSO Group. Though deployed against a very small number of individuals — often journalists, activists, politicians, and diplomats — mercenary spyware attacks are ongoing and global. Since 2021, we have sent Apple threat notifications multiple times a year as we have detected these attacks, and to date we have notified users in over 150 countries in total. The extreme cost, sophistication, and worldwide nature of mercenary spyware attacks makes them some of the most advanced digital threats in existence today. As a result, Apple does not attribute the attacks or resulting threat notifications to any specific attackers or geographical regions.

If Apple detects activity consistent with a mercenary spyware attack, we notify the targeted users in two ways:

A Threat Notification is displayed at the top of the page after the user signs into appleid.apple.com .

Apple sends an email and iMessage notification to the email addresses and phone numbers associated with the user’s Apple ID.

These notifications provide additional steps that notified users can take to help protect their devices, including enabling Lockdown Mode .

Mercenary spyware attacks are exceptionally well funded, and they evolve over time. Apple relies solely on internal threat-intelligence information and investigations to detect such attacks. Although our investigations can never achieve absolute certainty, Apple threat notifications are high-confidence alerts that a user has been individually targeted by a mercenary spyware attack, and should be taken very seriously. We are unable to provide information about what causes us to issue threat notifications, as that may help mercenary spyware attackers adapt their behavior to evade detection in the future.

Apple threat notifications will never ask you to click any links, open files, install apps or profiles, or provide your Apple ID password or verification code by email or on the phone. To verify that an Apple threat notification is genuine, sign in to appleid.apple.com . If Apple sent you a threat notification, it will be clearly visible at the top of the page after you sign in.

If you have received an Apple threat notification

We strongly suggest you enlist expert help, such as the rapid-response emergency security assistance provided by the Digital Security Helpline at the nonprofit Access Now. Apple threat notification recipients can contact the Digital Security Helpline 24 hours a day, seven days a week through their website . Outside organizations do not have any information about what caused Apple to send a threat notification, but they can assist targeted users with tailored security advice.

Guidance for all users

All users should continue to protect themselves from general cybercriminals and consumer malware by following best practices for security:

Update devices to the latest software, as that includes the latest security fixes

Protect devices with a passcode

Use two-factor authentication and a strong password for Apple ID

Install apps from the App Store

Use strong and unique passwords online

Don’t click on links or attachments from unknown senders

If you have not received an Apple threat notification but have good reason to believe you may be individually targeted by mercenary spyware attacks, you can enable Lockdown Mode on your Apple devices for additional protection. If you require emergency cybersecurity assistance for other reasons, the Consumer Reports Security Planner website offers a list of emergency resources that may be able to assist you.

Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Contact the vendor for additional information.

Explore Apple Support Community

Find what’s been asked and answered by Apple customers.

Contact Apple Support

Need more help? Save time by starting your support request online and we'll connect you to an expert.

How To Find Reused And Compromised Passwords In Safari

Many of us are guilty of using one password for all of our online accounts. It's not hard to see why — doing so is convenient and easier to remember. Passwords are a headache, and keeping track of them for your many online accounts can get tiring fast. But reusing passwords is a huge security risk . Your accounts could be easily compromised if hackers get ahold of your passwords in data breaches or phishing attacks. It's the same thing if you use a password that can be easily guessed.

Apple is known for ensuring and preserving top-notch user security on its devices, and the recent version of Safari has a feature  called Password Monitoring that lives up to that reputation. This feature will offer security recommendations to alert you when your passwords are weak, reused, or leaked, allowing you to make smarter security decisions. Here's how to use that feature to find reused and compromised passwords in Safari.

How to view compromised passwords in Safari on macOS

The macOS version requirement to use this feature is Big Sur or Monterey, but it worked fine in Catalina, as well. To get started:

1. Launch Safari on your Mac.

2. Once a new Safari window opens, click on Safari in the menu bar and select Preferences from the dropdown menu.

3. You should see a popup menu of Safari preferences — you'll be under the General section by default. Select Passwords from the top menu to manage your saved passwords.

4. At this point, you'll have to enter your system password to access your saved passwords.

5. Once you're in, you'll see a list of all your stored passwords. If you see a yellow warning icon next to any of the passwords, that means Safari has a security recommendation for it.

6. Tap the warning icon on the password to know its security status. If a password has been overused, if it is easy to guess, or if it has been compromised in a data breach, Safari will add a short comment. There'll also be a link to the appropriate page so you can change your password (via Apple Support ).

Whenever Safari is auto-filling your passwords in any field, you may also get a Compromised Password alert notifying you to change a password because it is weak, reused, or leaked.

How to view password security recommendations on iPhone and iPad

You can also take advantage of this feature on iOS to detect compromised passwords on your iPhone (via Apple Support ), and as you likely expect, the same steps will also work on the iPad to reveal any accounts that should have their passwords updated. To see these recommendations on an iPhone or iPad, you'll need to:

• Tap the Settings app, scroll down, and then tap the Passwords menu.
• You'll have to verify your identity with either Face ID or Touch ID before you can gain access to Keychain data.
• Next, tap Security Recommendations right above the list of passwords.
• Tap on an account to see more details about its security status. If any of your accounts are using a password that's weak, easy to guess, or has been compromised in a data leak, it will be displayed here.

Tap Change Password on Website to change your password to something more secure.

If you're concerned about the security of Apple's processes for reviewing your passwords, the company's passwords and privacy policy will put your mind at ease. Safari uses "strong cryptographic techniques to regularly check derivations of your passwords against a list of breached passwords," according to the company, in a way that still keeps your password information private — even from Apple. If you ever get a Compromised Password alert that seems suspicious, you can always use the steps above to verify that the prompt is from Apple itself, not scammers or hackers.

6 signs you have a compromised password and how to fix it

• A compromised password is still in the realm of possibility despite how careful you are with your online logins.
• You can check Have I Been Pwned to see if you've been compromised, or use a password checker built into Windows, Mac, iPhone, Android, or Chrome. 
• Here's how to see if any of your passwords have been compromised on a variety of devices and browsers.

For years, technology pundits have talked about replacing passwords with better technology, but for now, we are still ruled by passwords — often hundreds of them for all the devices, apps, services, and websites we routinely visit. And despite our best efforts at creating strong and secure passwords, they sometimes get compromised. Do you have any compromised passwords on your phone or computer? Here are some ways to find out.  

Signs your password has been compromised

Unfortunately, the implications of having a compromised password are dire, and most of the obvious warning signs are evidence that you've already been hacked, which is hardly ideal. That's why you should proactively check for compromised passwords occasionally, and don't wait until catastrophe strikes. Here are the top signs you might have a compromised password.

• A website notifies you that someone has changed your password . Hackers may try to change the password of a website or service after gaining access with a cracked password. This way they can take control away from you, the rightful owner. Thankfully, many websites send a confirmation email after changing the password, or ask you for confirmation with a second-factor authentication. If you get notified of a password change, your password has likely been compromised and you should take action quickly to protect your account. 
• You see changes to a website or account you didn't make . If a hacker successfully logs into one of your accounts, you might see changes that you didn't do yourself. If so, take immediate action to change the password before the hacker does, which could potentially cause you to lose control of your account entirely. 
• You find your password at HIBP . Troy Hunt, a Microsoft executive, operates a helpful website called HIBP (Have I Been Pwned). You can enter your credentials here to see if you have any compromised accounts. It's a fast, easy, and safe way to check on your overall security. 
• You see your password listed in a leaked password checker . On a regular basis, you should check your passwords using a tool built into your Mac, Windows, iPhone, or Android. You need to perform this check yourself because it is not automatic. 
• Your info appears in a password dump . On a depressingly regular basis, there are news reports of major hacks that include huge collections of leaked passwords. When such news stories break, there are often websites or tools provided so you can check to see if your own credentials were captured. 
• Someone tells you that you've been hacked . If a friend, colleague or family member informs you that they received something unusual from one of your accounts or noticed odd behavior from you online, consider yourself hacked and take immediate action to see if you can access the account and change the password. 

How to find compromised passwords on a Mac

If you have macOS Monterey, you can use the built-in password checker to see if any of your passwords are potentially compromised. 

1. Click the Apple icon at the top left of the desktop and then click System Preferences .

2. Click Passwords . You may need to enter your password to continue.

3. On the Passwords page, you can browse your potentially compromised passwords. Click any entry for more details, and click Change Password on Website to update it.

How to find compromised passwords in Windows

Unfortunately, there is no general-purpose password checker in Windows, but Microsoft includes one in its Edge browser. If you use Edge, you can use that tool, though if you mainly use Chrome, you'll want to use the dedicated password checker in that browser instead. 

1. Start the Edge browser.

2. In the address bar at the top of the screen, enter: edge://settings/passwords/PasswordMonitor and press Enter . 

3. In the Leaked Passwords section, click Scan now . 

How to find compromised passwords in Chrome

You can use the built-in password checker in Chrome to find compromised passwords.

1. In the Chrome browser, click the three-dot menu at the top of the screen and in the drop-down menu, choose Settings .

2. On the Settings page, click Privacy and security .

3. In the Safety check section, click Check now .

4. When the safety check is complete, click Review to the right of Password Manager .

5. On the Check passwords page, you can browse the list of potentially compromised passwords. Click Check password for any entry to let Chrome help you update the password.

How to find compromised passwords on an iPhone

Apple includes a password manager for Safari on your iPhone, and you can use it to get security recommendations which will reveal if there are any known compromised passwords. 

1. Start the Settings app on your iPhone.

2. Tap Passwords . 

3. On the Passwords page, tap Security Recommendations . 

4. On the Security Recommendations page, you can browse the passwords which pose security risks. Tap the entry for more details or tap Change Password on Website to go to the site and perform a password reset.

How to find compromised passwords on an Android

Much like in the desktop browser version of Chrome, Chrome on Android has a password checker built in. 

1. Start the Chrome app on your Android device. 

2. Tap the three-dot menu at the top of the screen. 

3. Tap Settings , then tap Passwords .

4. On the Passwords page, tap Check passwords .

5. After a moment, you'll see a list of all the saved passwords which may pose a security threat. Tap Change password to let Chrome assist you in changing the password. 

• Main content

Tips & Tricks

Troubleshooting, how to check for compromised or leaked passwords on iphone & ipad with security recommendations.

Have you ever wondered if the passwords to any of your online accounts have been compromised in a data breach? You’re certainly not the only one in that regard, but now you can now check for breached password security easily right from your iPhone and iPad.

In the latest versions of iOS and iPadOS (14 and later), Apple has added a security feature called “Security Recommendations” that would provide security alerts for the passwords stored on iCloud Keychain. If one or more of your accounts use a password that’s easy to guess, uses a sequence like 123, or a password that was previously leaked on the web due to a data breach, you will be alerted and prompted to change the password for those accounts.

Do you want to make sure that none of the passwords you use pose a security risk? This article will cover how to check password security recommendations on both your iPhone and iPad.

How to Check Password Security Recommendations on iPhone & iPad

Since this is a feature that was introduced alongside modern versions of iOS and iPadOS, make sure that your device is running iOS 14/iPadOS 14 or later before going ahead with the procedure. Assuming you’re on a modern system software version, here’s all you need to do next:

When browsing through the list, you may see a notice saying something like “ This password has appeared in a data breach, which puts this account at high risk of compromise. ” and if you do, that’s a good indicator to change passwords associated with that account or reused elsewhere.

Assuming you followed along, you’ve now learned how to check for Security Recommendations related to your online accounts stored on iCloud Keychain . That was pretty easy, right?

Thanks to this feature, you can easily make sure that none of the passwords that you use are weak, or compromised in a data breach. This helps to minimize the security risks associated with having online accounts, particularly if you share passwords between services (which is generally not recommended by security experts, but many users do it anyway out of convenience).

If you’re wondering how this feature works and the privacy implications of it, according to Apple; “Safari uses strong cryptographic techniques to regularly check derivations of your passwords against a list of breached passwords in a secure and private way that doesn’t reveal your password information — even to Apple.”

Don’t forget you can also manually add passwords and logins to Keychain on iPhone and iPad too if you want them to be checked by this feature.

In addition to this, Apple has made some huge improvements to privacy with modern iOS and iPadOS releases. Thanks to features like Approximate Location, Limited Photos Access, Privacy Report, and recording indicators, users now have complete control over what data third-party apps and developers are able to access from their iPhones and iPads. Check out more privacy specific tips and tricks here if the subject interests you.

We hope you were able to use Security Recommendations to check and update weak or leaked passwords. What’s your take on Apple’s game-changing privacy features? Have you been enjoying the other new additions to iOS 14 so far? Do share your valuable opinions and experiences in the comments section down below.

Enjoy this tip? Subscribe to our newsletter!

Get more of our great Apple tips, tricks, and important news delivered to your inbox with the OSXDaily newsletter. 

You have successfully joined our subscriber list.

Related articles:

• How to Check for Reused & Compromised Passwords in Safari for Mac
• How to Change Keychain Password on Mac
• MacOS High Sierra Security Bug Allows Root Login Without a Password, Here’s a Fix
• How to Reset Notes Password in iOS

» Comments RSS Feed

After enduring the worst cyber warfare and identity theft, now confirmed by the Magistrates Court, I’ve come across something that could cripple us through a cyber attack.

Apple devices are being compromised through the Log4Shell exploit. This exploit allows total control through the back end and uses whats known as zero click installation of spyware. This spyware is not installed by clicking on a malicious link, or answering a malicious call. When someone calls you, even not answering that number will allow the malicious connection.

This exploit was listed as critical by the Australian Government in December 2021, but they don’t understand how critical this is.

Apple apps like Messages, Stocks, Translate, and other apps that the user can’t remove, are being used to access peoples devices through Log4Shell exploits.

Why is this so terrible? Once access is gained, your device is constantly broadcasting a Bluetooth and wifi connections that can’t be turned off. It also can’t be seen as the controls are deep within the Accessibility menu, not in the main Bluetooth and wifi setting menus.

Somehow, this spyware and exploit installs a virus on your home wifi. From there, anything that it is connected to (including all smart home products) are infected. I’ve found this virus in phones, modems, smart tv’s, even car stereos. While we watch the physical pandemic taking place, under our noses is the real threat – a cyber pandemic, where this e-virus infects anything we connect to, and connects outbound to spread it to others. I never turn on my Mobile Hotspot EVER. Yeah I have a growing list of hotspot connections with data transferred.

Without you knowing, all your travels, allow anyone around you to connect to you, and download your personal info from your device within seconds – phone serial number, financial details and mobile carrier details (imei, sim info,) everything.

Remember the old credit card skimmers? It’s like that, only the person walking or more so, driving past you that looks innocent, is in fact harvesting every detail about your life in a brief passing. Intently. Your identity gone. In a drive by. Just like what happened to me.

Where the fun starts is that this issue allows your phone to be mirrored 24/7. Everything done of your screen recorded. Camera and microphone on all the time.

So how can this be found?

I download legit apps through the App Store then when opened the screen jumps, and in a micro second, the web page appadjust.com disappears, then I’m left with what looks like a kindergarten kid developed the app. I was wondering why my Trend Micro app wouldn’t work, and how my home security app could have the logs deleted remotely, and that’s because the app that I’m left with isn’t secure, but looks like it is. Check the app version number vs that listed on Google as the most recent and the numbers are very different. Read the app license information and the app has no connection to the actual company’s app that you wanted to download.

There is a Chinese and Japanese Keyboard in my iCloud backup settings that I can’t find or delete elsewhere. I only speak English and wonder why an English keyboard isn’t listed. The only keyboard I use. No one at Apple can explain why it’s there. Apparently everyone has it set like that, but if it can’t be explained, there’s bigger issues. Here’s just one access point.

The calls I’m waiting to receive are silenced so I can’t hear them, nor do they show in my notifications… they show as a missed cal in my logs and nowhere else.

This is absolute cyber warfare, and an electronic takeover. Only it’s not just happening to me, there’s others I know in the same boat.

This is very new, very advanced, and has the ability to cripple anything we connect to, in such a devious and hidden way that can only be uncovered by second guessing the settings we barely use. They’re targeted because we never use them, and don’t understand them, so we ignore them. The Accessibility menu in iPhone iOS holds the key to how these criminals can use our devices to spread this crippling virus that doesn’t go away no matter how many factory resets.

This shows that our highest level of cyber security is not enough now. A factory reset now doesn’t remove this virus, and we are spreading this virus to everything we connect to. Think about that. An electronic virus that is now the same as a physical virus, it spreads itself. Advanced huh ?

I have dozens of screenshots to show evidence of everything I’ve listed happening, along with screenshots of all my attempts to notify the AFP of this activity blocked.

Great post. Unfortunately the the Apple tool has a very aggravating problem. The “Update password on website” tool does not update the password in the keychain. If you haven’t copied down the long “strong” password you are totally hosed the next time you try to log in from your device! I had to type in the long password that I had fortunately written down and only then did I get a prompt to update my keychain.

Another service that does a similar function is https://haveibeenpwned.com/ .

Leave a Reply

Name (required)

Mail (will not be published) (required)

Subscribe to OSXDaily

• - How to Hide iPhone Keyboard When It’s Covering Buttons & Won’t Go Away
• - How to Use AirPods with Apple TV
• - 6 Useful Apple Watch Tips
• - What do Blue Underlines on Text Mean in Microsoft Edge?
• - Fixing Apple Watch False Touch & Ghost Touch Issues
• - Beta 3 of iOS 17.5, macOS Sonoma 14.5, iPadOS 17.5, Available for Testing
• - Apple Event Set for May 7, New iPads Expected
• - Beta 2 of iOS 17.5, iPadOS 17.5, macOS Sonoma 14.5, Available for Testing
• - Opinion: Shiny Keys on MacBook Air & Pro Are Ugly and Shouldn’t Happen
• - MacOS Ventura 13.6.6 & Safari 17.4.1 Update Available

iPhone / iPad

• - How to Use the Latest GPT 4 & DALL-E 3 Free on iPhone & iPad with Copilot
• - How to Bulk Image Edit on iPhone & iPad wth Copy & Paste Edits to Photos
• - What Does the Bell with Line Through It Mean in Messages? Bell Icon on iPhone, iPad, & Mac Explained
• - iOS 16.7.7 & iPadOS 16.7.7 Released for Older iPhone & iPad Models
• - Beta 4 of macOS Sonoma 14.5, iOS 17.5, iPadOS 17.5, Available for Testing
• - How to Customize the Finder Sidebar on Mac
• - How to Uninstall Apps on MacOS Sonoma & Ventura via System Settings
• - Make a Website Your Mac Wallpaper with Plash
• - 15 Mail Keyboard Shortcuts for Mac
• - What’s a PXM File & How Do You Open It?
• - Fix a Repeating “Trust This Computer” Alert on iPhone & iPad

About OSXDaily | Contact Us | Privacy Policy | Sitemap

This website is unrelated to Apple Inc

All trademarks and copyrights on this website are property of their respective owners.

© 2024 OS X Daily. All Rights Reserved. Reproduction without explicit permission is prohibited.

This Password has Appeared in a Data Leak: Security Recommendations on iPhone

iCloud Keychain users might have seen this message about their passwords. If you have seen this, you may be a little (or more than a little) worried. What does this mean? Does someone have access to your accounts somewhere? Which ones and what should you do?

The message says: This password has appeared in a data breach, which puts this account at high risk of compromise. Likewise, you may also see a warning message saying “Compromised, reused password”.

See also: Keychain not working?

In this article, we will explain what it means to say that your password has appeared in a data leak, what you should do about it and how to prevent your passwords from being compromised in the future.

See also: Wi-Fi Weak Security Message on iPhone or iPad: WPA/WPA2 (TKIP) Not Considered Secure

Keychain Passwords and your Security Recommendations

When you use iCloud Keychain, your passwords are saved and updated across your devices: iPhone, iPad, and Mac. To find information about your saved passwords on your iPhone, go to Settings > Passwords. Here you can change some of your Keychain settings and edit or delete passwords from Keychain. If there are any Security Recommendations, you will see a warning here. Tap to learn more about the warnings and which passwords are involved.

See also: How To Manage Web Site Usernames & Passwords In Safari (iOS and macOS)

There are a few different warning messages you may see regarding your passwords. If there is anything “high risk” about one or more of your passwords, the warning messages will appear near the top of the page under High Priority. The most concerning is the one from the title of this article: This password has appeared in a data leak, …

Another message will tell you that you are reusing a password.

You can also see other password security messages under Other Recommendations. Here the messages you might see are: Reused password or Easily guessed password.

From the Security Recommendations page, you can tap on the message to see more information about your login credentials for that website. You will see your User Name, Password and the last date your password was modified.

See also: Set Up a New iPhone: How to Transfer Data from your Old iPhone

What Should you Do?

For any of these password security issues, you should change your password. Your passwords should be unique (i.e. not reused), and should not be easy to guess.

See also: Forgot your iPad Passcode? How to Reset to Factory Settings

Reused Password

The main issue that comes with reusing a password is that if your password is gathered in a data breach that affected one of your accounts, that password could be used by hackers to access other accounts where you have reused that same password.

See also: How to Import Chrome or Firefox Passwords to iCloud Keychain on Mac

Password that has Appeared in a Data Leak

You definitely need to change the passwords that have appeared in a data leak. If you see this message, your user ID and password have been compromised. This means that someone can use this information to gain access to your account.

See also: Safari Says: Not Secure. What Does It Mean?

You may be wondering how Apple finds out about these data leaks and knows that your info was involved. There are databases of user ID / password combinations that have been stolen from businesses and websites.

You can check if your passwords have been compromised on haveibeenpwned.com. This site collects information about data breaches. You can see which companies/websites have had data breaches, check your own passwords and set up notifications about future compromises to your accounts.

See also: How To View Saved Wi-Fi Passwords On Your Mac

Password and Security Recommendations

One thing you can do to protect your account’s integrity is to use 2-factor authentication when available. For your passwords, they should be at least 12 characters long, unique, and not be made from real words. iCloud Keychain can generate strong, unique passwords for you.

See also: How to Share Files and Folders in iCloud Drive

For the passwords that show up in your iPhone’s Security Recommendations (Settings > Passwords > Security Recommendations), you can select Change Password on Website to change your password or tap on the account, then select Change Password on Website.

Recent Articles:

• iPhone Silencing your Calls? How to Fix iPhone not Ringing Problem
• Split Screen on iPad: How to Open and Close Apps
• How to Set Up Apple TV when Remote is Lost or not Responding

Dr. Stacey Butler is a tech writer at macReports covering news, how-tos, and user guides. She is a longtime Mac and iPhone user and holds a Ph.D. from the University of Illinois at Champaign-Urbana. She is a former faculty member and a math teacher. Here is her LinkedIn profile , Google Scholar profile and her ResearchGate profile . Email Stacey Butler .

Similar Posts

iPhone 14 Cellular Data Not Working, Fix

Some iPhone 14 (including iPhone 14, 14 Pro, 14 Plus and 14 Pro Max) owners seem to experience an issue where the iPhone’s cellular connection is not working as expected even when in…

Which iPhone Models Support or Do Not Support Wireless Charging

You may see a wireless charging accessory on sale, and you may want to buy it. However, you may not know if you can use it with your iPhone. Not all iPhone models…

How Do I Password Protect My Files & Folders In macOS?

This articles explains how you can password protect your folders and files on your Mac. You can assign passwords for files and folders. Everyone must enter to open the file or folder because the…

iPhone Showing a Pink Screen, How to Fix

Some users have encountered a problem where their iPhone shows a pink screen, causing the iPhone to be unusable. This can be a pink or purple screen with higher proportions of blue. Seeing…

How To Use Terminal On Your Mac

The Terminal app lets you control your Mac. In this article, we explain what is Mac Terminal,  how to use it, and what it can do for you. In many macreports.com articles, we recommend…

What to Do If You See ‘Service Recommended’ for MacBook Battery

When you click on the battery icon in the top menu bar on your MacBook, you can see information about your MacBook’s battery. You can see the charge percentage and if your MacBook…

15 Comments

I cannot remember passwords and some apps want me to type the password how on earth do I change every one of my passwords to something I can remember? Why when I changed my Apple ID on my iPad then used the link for my iPhone but later that day iPhone refuses to accept the new password for Apple ID. My iPad is working fine with it. I am not tech minded I am older how can I get help?

The link added above for “has my data been leaked” comes up with nothing, maybe Apple likes to mark files accessed by employees as “leaked” just in case, and doesn’t discuss it for appearances’ sake?

I have been a long time loyal Apple consumer like all of you as Apple has claims of tight security and great support! Well we know now, Apple has gotten sloppy,lazy and slack on all fronts and tech support or support pages to find help is a joke and I find many of the higher rated spokesperson are rude to fellow Apple consumers trying to get answers to the issues they have ! Apple now is costly bloated technology that many of use did not mind spending the extra $$ cause Apple had our backs !! This Apple iPhone 11 Pro Max and Apple iPad Air 3 gen are the end of my Apple purchases.

I’m in total agreement with you! We never had malware problems or data breaches in the past.. not to mention charging monthly for Word and other basic apps.. the wheel was not reinvented. Our loyalty won’t last long with treatment like this. Steve Jobs has got to be rolling in his grave

The word processor “Word” is made by Microsoft not Apple. Apple’s version of it is called “Pages.”

I’m changing my passwords regularly and it still shows within a week or two that my new passwords are in a data leak. Does this mean my phone is hacked? I dont see how else my new passwords are known, no duplicates used

Same thing happened to me. The next day my iPhone seems to think if I log in to things on my iPad that everything is data leaked.

Even the instagram 2-identifications code generator on my other phone was leaked by this phone. I’m thinking that apple got leaked because my passwords are different for some. Was thinking of switching phones anyways and now more than ever because iphones are no longer safe as previously implied.

Well, if you see a single notification about password in data leak – someone hacked your password for that particular website. If you see a few – you probably used same password for few of your websites.

But if you see *ALL* you passwords in the data leak – it means the key manager itself was hacked. Thanks, Apple!

If I just “delete password” on the list of problem passwords on my iPhone, what does that do? Does it solve any security issues? There are numerous data breaches and easily-guessed passwords in the list for websites I rarely visit so I don’t need a new password. I’m just not sure what hitting “Delete Password” on my phone is actually doing!

Why in the United Kingdom whenever an issue like this is raised there’s zero links nothing from apple. Supposedly most secure by looks of it because they don’t admit breaches in security!

I have 228 Security Recommendations because of a data leak? Do I need to change all of them?

I have received the same message. Makes you wonder just who had the security breach. Apple? To answe your question, according to the above, yes we have to change each and every password ‘immediately’. There does not appear to be an easy way to do this. Someone please correct me if I’m wrong.

I also have 100s of passwords that have been breached. I came here hoping for a work-around but I guess I’ll have devote many hours updating each password one-by-one.

If you use a password manager like LastPass, there are some websites that allow LastPass to update passwords automatically with a strong randomized password. Those programs also include a good password generator that you can specify the length and complexity.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Categories:

iPhoneTricks.org

• iPadOS 17.2
• watchOS 10.2
• HomePod 17.2
• AirPods 6.1
• Safari 17.2
• visionOS Beta
• iOS 17.2 Beta 3
• iPadOS 17.2 Beta 3
• macOS 14.2 Beta 3
• watchOS 10.2 Beta 3
• tvOS 17.2 Beta 3
• HomePod 17.2 Beta 3
• iPhone 15 Pro
• Apple Watch 9
• Apple Watch Ultra 2
• AirPods Pro 2

iPhone Compromised Password Notification (Fact Or Hack?)

iOS 14 Compromised Password notification

The Compromised Password alert is issued for high priority data breaches and usually reads: ‘The password for your [name] account has appeared in a data leak, putting your account at high risk of compromise. iPhone can help you re-secure your account’.

A Compromised Password doesn’t mean necessarily that someone has your password and is about to sign into your bank account and transfer out money or perform some other unwanted action. So, don’t freak out! It means that Safari was able to detect that your password has been involved in some kind of data leak and will recommend you to change your log-in details just to be on the safe side. However, you should address this issue right away and make sure that you keep your accounts secure!

How To Fix A Compromised Password

Compromised Password Video Tutorial

Compromised Password Reasons

In iOS 14 Safari will also recommend you to change your Password for an account in the following scenarios:

• Passkeys that you use multiple times. These will be labeled as Reused Passwords , whenver you use the same or a similar passcode for two or more account.
• Log-in details that use common words, because they’re easier to guess.
• Passwords that are common and used often by other accounts.

Tip: To find other passwords that represent a potential thread please browse for Settings -> Passwords -> Security Recommendations and go through the list.

Important: The Detect Compromised Passwords feature is enabled by default in iOS 14. If you’re not getting your security recommendations your great at configuring passwords, or you’ve accidentally turned this option off. Make sure that it’s enabled! For more details please read how to change compromised KeyChain passwords !

Has Safari found many compromised Passwords on your iPhone?

Related: Learn how to really hide photos on iPhone in iOS 14!

5 Responses to iPhone Compromised Password Notification (Fact Or Hack?)

I understand the concern but if I as user of the internet do not offer or use any personal info while on the internet how is it a security problem . To give a clear example when I use my iPad I am a fictitious character and I only use my iPad for playing games such solitaire, 8 ball pool , word games , puzzle games etc . When I use the same password for all things gaming and playing with my iPad how is this a risk . The info with these accounts have nothing accurate to my info . Forcing these security on me is insane . It is like Apple cannot use common sense and is absurd to make me use unfriendly features that I don’t need . Example in reality is I live alone and play a limited games on my IPad with no one around and Apple forcing me to a Fingerprint or FaceID / Passcode with a different username and password to GET INTO MY OWN REFRIGERATOR!!! If I was a bank executive I would understand and use all the security features available taking all security measures I can but when I have no vital info because I was smart enough to not provide these facts wihen setting up my iPad then understand my side . Let me live and choose my life choices!!

Fred, we understand your point of view, however the Security Recommendations are just a friendly security heads-up provided by Apple. You don’t have to follow it and modify your passwords. You’re just alerted that you’re not using solid passwords and it would be a good move to change them.

Fred, once i make the password change for a particular website, how do I clear the alert from the list?

You have to update the password in Settings -> Passwords for the respective account and the alert will go away.

I don’t want to change my passwords that it is recommending. That’s my business and a chance that if I choose I should be able to make! So, how do you remove the alerts?!?!?

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed .

Recent Posts

• 10 Apple Black Friday Amazon 2023 Deals (Save Up To 28%)
• How To Use ChatGPT Voice Free On iPhone And Other Devices
• How To Remove Silent Icon From iPhone 15 Status Bar (iOS 17)
• Pipidae Will Damage Your Computer? Malware On Mac? (Fix!)
• AirPods 6.1 (6B32) Issues, Fixes & Improvements (AP Pro 2)
• AirPods Pro 2 Accessory Model Name Error In Settings? (Fix!)
• Media Player Stuck On Lock Screen In iOS 17? (Fix!)
• Red Calculator Icons on iPhone Instead Of Yellow? (Fixed!)
• How To Use WhatsApp On Two iPhones With Same Number
• How To Watch Las Vegas F1 Live Stream On Your Device (Free?)

Categories                      

• Accessories
• Apple Sales
• Apps or Games
• Errors and Issues
• Jailbreaking
• Leaks and Rumors
• Privacy & Cookie Policy

What Are Compromised Passwords on iPhone? (iOS 17)

What to know.

• If you see security recommendations, that means your passwords may be compromised.
• Compromised passwords are passwords that have appeared in data leaks.
• You can turn off these notifications in Settings, tap Passwords, Security Recommendations, and then toggle off Detect Compromised Passwords.

Have you ever checked your saved passwords and seen a message about compromised passwords on your iPhone? This is Apple’s way of helping you stay secure. When you see this message, it’s your iPhone letting you know that some of your passwords are not as secure as you might think. However, if you do not need this warning, there’s an easy way to turn it off.

What Does Compromised Passwords Mean?

• How to Turn Off Compromised Passwords Notification
• Frequently Asked Questions

If you’ve checked your security recommendations on your iPhone and see a message that says, “This password appeared in a data leak,” that means that the password was leaked. Sometimes, companies will be hit by cyber attacks in which hackers gain access to a database of usernames and passwords. If you have an account with a company where this has happened, your password may be in that database. So, if you use the same password across multiple accounts, the hackers will be able to log in everywhere that you use that password.

This is why it is crucial to make sure you use unique, strong passwords for every account. Your iPhone can suggest strong passwords for you so that you don’t have to worry about coming up with them on your own. Not only that, but iCloud Keychain keeps track of your passwords so you don’t have to. For more iPhone security advice, be sure to sign up for our free Tip of the Day newsletter.

How to Turn Off Notifications for Compromised Passwords  on iPhone

While there isn’t a way to turn off the security recommendation warning completely, you can prevent your iPhone from notifying you if a saved password appears in a data leak. This can be beneficial if you are sharing accounts and don't have control over the passwords. However, we recommend that you take these notifications seriously and, when possible, change your passwords based on Apple's recommendations .

When this feature is disabled, you will not be notified if any of your passwords appear in data leaks.

• Can you check if passwords have been compromised?  You can follow the steps above to get to the Security Recommendations menu. There, you can see all the accounts that your iPhone has detected as being compromised. You can also visit the website  Have I Been Pwned? This site allows you to enter your email address and will tell you which of your accounts have appeared in a data leak.
• How did all my passwords get compromised?  If you use an easy-to-guess password or the same password for every account, it’s more likely that your passwords will get leaked in a security breach at some point. When that happens, all of your passwords become compromised since the same one can be used for multiple accounts. That’s why it’s important to use a different strong password for every account.

Author Details

Rhett Intriago

Rhett Intriago is a Feature Writer at iPhone Life, offering his expertise in all things iPhone, Apple Watch, and AirPods. He enjoys writing on topics related to maintaining privacy in a digital world, as well as iPhone security. He’s been a tech enthusiast all his life, with experiences ranging from jailbreaking his iPhone to building his own gaming PC.

Despite his disdain for the beach, Rhett is based in Florida. In his free time, he enjoys playing the latest games, spoiling his cats, or discovering new places with his wife, Kyla.

Featured Products

Join us as we explore the essential apps and tools to make the time spent on your iPhone more focused and enjoyable. You'll learn all about our favorite tips for saving time and creating a more efficient device when you  become an Insider today !

Most Popular

How to Tell If Someone Blocked Your Number on iPhone

10 Simple Tips To Fix iPhone Battery Drain

How to Schedule a Text Message on iPhone

How to Tell If a Dead iPhone Is Charging

How To Put Two Pictures Together on iPhone

How to Resize an Image on iPhone

Can iPhones Get Viruses? How to Detect & Remove Malware (iOS 17)

How to Transfer Call from Apple Watch to iPhone

How To Turn Off Flashlight on iPhone (Without Swiping Up!)

Answered: What Are Haptics on iPhone?

How to Hide an App on Your iPhone

iPhone Alarm Volume Low? How to Make an iPhone Alarm Louder

Featured articles, why is my iphone battery draining so fast 13 easy fixes.

Identify Mystery Numbers: How to Find No Caller ID on iPhone

Apple ID Not Active? Here’s the Fix!

How to Cast Apple TV to Chromecast for Easy Viewing

Fix Photos Not Uploading to iCloud Once & for All (iOS 17)

There Was an Error Connecting to the Apple ID Server: Fixed

CarPlay Not Working? 4 Ways to Fix Apple CarPlay Today

Check out our sponsors.

• Each email reveals new things you can do with your phone (and other devices) with easy-to-follow screenshots.
• Enter your email to get your first tip immediately!

Apple Event: May 7th at 7 am PT

>  Learn more

>  Add to your calendar 

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Compromised Password

MacBook Pro 13″, macOS 11.0

Posted on Nov 24, 2020 8:19 AM

Posted on Dec 2, 2020 11:39 AM

Greetings Elizalde_06,

Thanks for your post. It appears your password has been compromised and the Keychain Access app has alerted you to reset the password for a specific app. We've got your back!

Given the screenshot and information, it's hard to know how the password was compromised exactly. However, the screenshot does mention it was in a data leak. This doesn't mean your Mac has been compromised, but the password to this specific application has been.

With that said, we'd encourage you to reset any compromised passwords, for your security. In this case, it looks like this happened in the Zoom app. You'll want to follow the link or go directly to the Zoom website to reset your password with them. Here's a shortcut to their website: Forgot your password? (Link is for the US.)

Keychain Access is the built-in app that saves your username and password. With Big Sur, it now will inform you of any leaked passwords. Which is great for securing your accounts. Learn more about Keychain Access here: What is Keychain Access on Mac?

Be safe out there and take care!

Similar questions

• notice of compromised passwords MacBook pro 16inch OS Monterey. I have been getting pop up notices telling me some of my passwords are part of a data leak. Not sure if this is valid or a scam 7084 4
• Compromised password alert. Hi forum people, My Dad's iMac has been displaying this today. Is it genuine or has anyone else had it?, as I'm loath to enter the password for password access. Many thanks in advance if anyone can advise. 640 5
• My Mac has been compromised What is this Mac OS Ventura [Re-Titled by Moderator] 446 3

Loading page content

Page content loaded

Dec 2, 2020 11:39 AM in response to Elizalde_06

Dec 3, 2020 1:58 PM in response to Elizalde_06

It could be a leak from Zoom itself. Change the password you use for Zoom and if you use it at other sites change it there.

There's a free app for creating passwords called StrongPasswords . It can create passwords with up to 64 characters. For example this 64 character password:

pLeQP8qV2LwHimlU1JX2JtFqZJc36R0zTKFHK2EQkOgcwbN0I6FtnNyJyvgsG2kS

It's a bit long for me. I like to keep them to about 20 characters long.

However, in order to remember them one can use apps like LastPass or 1Password which not only stores them but assists in applying them on the appropriate sites.

Dec 2, 2020 9:50 PM in response to Elizalde_06

Almost everyone has at least one compromised password since websites and businesses have had multiple data leaks where user names, email addresses, and passwords and other personal information have been taken/stolen from compromised websites which stored the information insecurely.

Some web browsers and other apps plus some operating systems like Big Sur are now checking users' passwords against a list of known compromised passwords to alert you that the particular password is now not safe to use. Any accounts you have which use that compromised password should have the password changed. Only change the password using the official methods provided by the website (such as Zoom in this particular case). Sometimes the official apps from those websites/vendors (again such as the Zoom app) may have a method of changing the password with the official app as well. Never change your password by clicking on a suggested link from an email or a pop-up notification (even if it is an Apple notification) as it is a scam (aka phishing attempt) to acquire your password.

Dec 2, 2020 8:11 PM in response to chuck_3rd

hello there are quite a few passwords of mine that show that alert of being compromised, what are the possible reasons and is that something to be worried about?

• a. Send us an email
• b. Anonymous form
• Buyer's Guide
• Upcoming Products
• Tips / Contact Us
• Podcast Instagram Facebook Twitter Mastodon YouTube Notifications RSS Newsletter

How to Check iCloud Keychain Password Security

Using iCloud Keychain, Apple's Safari browser stores and syncs all the passwords you use for different websites and apps through ‌iCloud‌. And in iOS 14 and later, Apple provides security recommendations that warn you if a password you're using is putting your accounts at risk.

• Many people use this password, which makes it easy to guess.
• This password is easy to guess.
• This password uses a sequence. Using common patterns makes passwords easy to guess.
• You're using this password on other websites, which increases the risk to this account if one of those other accounts is compromised.
• This password has appeared in a data breach, which puts this account at high risk of compromise. You should change your password immediately.

To check your passwords for security recommendations generated by Safari in iOS, simply follow the steps below.

• Launch the Settings app on your iPhone or iPad .
• Scroll down and tap Passwords .
• Tap Security Recommendations .
• Check the list of recommendations under "High Priority." Tap a recommendation for more details, or tap Change Password on Website to open a browser window and change your password.

Get weekly top MacRumors stories in your inbox.

Popular Stories

iOS 18 Rumored to Add New Features to These 16 Apps on Your iPhone

Check Out This Apple Watch iPad Demo Unit From 2014

Will the New iPad Pro Really Have the M4 Chip?

iOS 17.5 Includes 'Repair State' Option That Doesn't Require Turning Off Find My for Service

Report Examines GM's Controversial Move to Abandon Apple CarPlay

Amazon's New Apple Sale Has Best-Ever Prices on AirPods Pro, Studio Display, Apple Pencil, and More

Apple Announces 'Let Loose' Event on May 7 Amid Rumors of New iPads

Next article.

Our comprehensive guide highlighting every major new addition in iOS 17, plus how-tos that walk you through using the new features.

App Store changes for the EU, new emoji, Podcasts transcripts, and more.

Get the most out your iPhone 15 with our complete guide to all the new features.

A deep dive into new features in macOS Sonoma, big and small.

Revamped models with OLED displays, M3 or M4 chip, and redesigned Magic Keyboard accessory.

Updated 10.9-inch model and new 12.9-inch model, M2 chip expected.

Apple's annual Worldwide Developers Conference will kick off with a keynote on June 10.

Expected to see new AI-focused features and more. Preview coming at WWDC in June with public release in September.

Other Stories

13 hours ago by Tim Hardwick

3 days ago by Tim Hardwick

1 week ago by Joe Rossignol

1 week ago by MacRumors Staff