Chrome says I have 83 compromised passwords. How do I fix this?
I know, use a password manager, etc. which is great advice moving forward. But how do I clear this backlog of accounts for absolutely random websites I haven't accessed in years!
Is there any software or automation tool that can do this?
As far as I know, this will have to be a manual process of enumerating all your accounts, and changing the password for each one using their own reset password mechanism.
I did this when I first started using a password manager and the couple of hours that I put in years ago have paid off over and over again with peace of mind and better security practices.
83 _different_ passwords?.. that seems high. You may want to more closely inspect extensions or plugins you may have installed on your browser and see if you aren't running some form of key logger or cred stealer..
Prioritize the ones that can do the most harm / cause the most loss and get off of HN and change them now.
How did HN end up to be a Stack Overflow for the computer illiterate?
Don’t. Worry about the ones that matter. If some random forums have a crappy password, whatever. If your credit card, bank, Amazon, or sometime other website with financial info has a leaked password, fix those.
You can fix the others lazily, when/if you access them next.
Quite a lot are probably services you don't use anymore, and that don't have up-to-date payment methods. In which case you can just write them off.
Do all of these commercial products that flag compromised passwords get their data from the same source of truth (HaveIBeenPwned)?
I don't really care about passwords for forum websites.
You want strong passwords for any website that retains credit card information.
And super strong passwords for Google, email, bank and credit cards. These are all in my head and looong.
If your phone gets simjacked, you most definitely do not want to allow Google password recovery by text to "your" phone number.
> I know, use a password manager
If chrome knows about your passwords being pwned, you are using a password manager. Just let it pick the passwords in the future. Look at the list, and change / close a couple accounts a day/week and you'll be done eventually. Prioritize to change important accounts first.
For most random websites, it would probably be better to close your account.
As you are using Chrome, you already have a password manager.
Also, since chrome is warning you about these passwords, it obviously knows your passwords - so you are already using its password manager.
Moving forward, utilise the "generate password" functionality.
Consider yourself lucky. Mine says 357. Every once in a while I go in and update a few of them at a time.
I include them as a task in my weekly "digital chores" and I'm left with 63 Compromised website as of today. But I'm down to "zero" on Weak, and Vulnerable Passwords. Btw, most of them can just be deleted -- old websites, changed business, etc.
If you mean to clear the backlog inside the browser, you can manage your passwords in chrome://settings/passwords.
Or you can clear them, all at once, via chrome://settings/clearBrowserData
You could just not care if the password for some random forum is known.