I’ve Forgotten To Update Countless Passwords, And It Has Cost Me — Here’s What Happens When You Don’t

Everything needs an account these days. As someone who reviews apps and games professionally, I find it hard to discover an app or game that doesn’t require login information to operate on your Android tablet or phone. The more accounts we create, the more we forget those passwords. When we don’t rely on a password manager for help, we often re-use passwords subconsciously, putting other accounts at risk.

I’ve been in this situation more times than I can count — which is why I wanted to reveal all the crucial reasons why you should update those old, forgotten passwords even if you’re not actively using those accounts.

7 You might forget your old password

Incorrect password entries could lock down your account

I’ve been in that unfavorable situation where I’ve entered the wrong password too many times and been locked out of my account due to the system’s security settings. It’s a frustrating experience, but one that I’ve learned from. Since I have a bad habit of not checking on past accounts, some of my passwords are over half a decade old.

In practice, you should update your old passwords occasionally (or on specific triggers that warrant a password change), but not so frequently that you become lazy with password variations. Changing a few numbers or words while keeping the same base defeats the purpose of creating a secure password.

6 Your old passwords might be too weak

Weak passwords are easy to guess

I’m sure every one of us has created passwords containing our personal details, such as birthdays and favorite sports players, and even connected them to our first and last names to try to remember them more easily. But doing so also makes them easy to guess. A strong password should comprise a unique combination of symbols, numbers, uppercase, and lowercase characters.

The password should also be unique to that particular account to avoid crossover. Moreover, lengthy passwords are also difficult to crack. If you’re stuck, a good password manager can help you generate a strong password and store it.

5 Your email and security questions are outdated

Take the time to update your account information

Using the “Forgot password” function might seem like a crutch, but it becomes useless when you can’t make it work. I’ve had to recreate accounts because I couldn’t remember the answers to my security questions, and I had registered an old, unused email address that I couldn’t remember how to access. You can fix this easily by updating your old password and re-checking all your security details.

If your security verification methods are outdated, add another email/phone number, and then update your security questions’ answers (a helpful tip is to record your answers somewhere, as some of them may be case-sensitive). Taking the time to review your account can save you from losing it.

4 Activate 2FA for your old accounts

Back when I registered for a new account, some places didn’t have two-factor authentication (2FA) built-in yet. For me, this often occurs with my gaming accounts. My HoYoverse account didn’t have 2FA for Genshin Impact when I first created it (HoYoverse introduced 2FA in May 2021, more than a year after the game’s launch). Not having 2FA from the beginning was terrifying since one of my friends nearly had his account stolen when he first started playing. Thankfully, he recovered his account, but it was a painstaking process that nearly ended in failure. In his case, if he had activated 2FA with his phone number, he might have been able to protect his account (unfortunately, his connected email address was compromised).

When updating your old passwords, check to see if 2FA is available. Enabling 2FA will strengthen your account’s security. If your password is ever hacked, stolen, or leaked, having the account linked to another verification source reduces the chance of an unauthorized user gaining access to it.

3 Your old password might have been leaked

The password could be exposed somewhere without your knowledge

Security breaches happen. Your password and email may have been leaked online. Unfortunately, that’s the grim reality of creating accounts online: you depend on a website or system’s security to safely store your details.

The “Have I been pwned?” website (run by Troy Hunt, a renowned web security consultant) offers a way to check if your emails have been leaked online. I’ve used this tool before to check if my Microsoft IDs have been stolen, and I found some surprising results. Some of my alternative accounts were compromised, but my main account remained unaffected. As a result, I changed the passwords for all associated emails on all of my accounts. You can also use the website to check old passwords; it would work similarly. I tested the password feature after Discord suffered a data breach in March 2023, and it confirmed that my password wasn’t secure. If you are ever unsure about the safety of your account information, you can use the website to verify it.

2 Your old password might have already been retrieved

Malware can steal your passwords

Similar to the leak situation, your old password may have been retrieved through malicious software (commonly spyware) or phishing. Keyloggers and infostealers are notorious for this. A keylogger records your keystrokes to learn your password. An infostealer scans your data and takes it.

Phishing is another common route. When you click on a malicious link that appears legitimate, you may inadvertently disclose your personal data (through fake forms or even a disguised login page). If you fall victim to a phishing attempt, immediately change your password (even if your password isn’t old).

On the other hand, if your information is being stolen through spyware, changing your password won’t fix it. You will need to overcome the problem by removing the malware that’s infecting your device. Otherwise, you risk getting your password stolen again. I routinely perform a quick virus scan of my computer before changing my password (just in case).

Restrict public access to secure your account

Sharing passwords poses some risks. Either the person you shared it with is someone with whom you are no longer close, or they’ve begun circulating your account information without your knowledge. In either case, it may be time to revoke access to your account. The other possibility is that they may have also suffered a security breach and had your password stolen (with or without their knowledge). I had this happen to my Crunchyroll account years ago when I shared my account details with someone who was infected with malware.

It’s also always a good idea to treat any account-sharing as temporary and place restrictions on it. The safer alternative for account sharing (especially for streaming services) is to add someone as a guest or secondary user directly. This way, you can split the bills and let the other person manage their own account.

Digitally sanitize your information

The best way to protect our data is to share less of it and ensure we use secure, trusted software and websites. Most of the time, we will have to give up our data to stay digitally connected. However, you can still be careful about how much you’re willing to give. For example, I avoid giving apps more permissions than necessary and then uninstall them when I no longer use them.

For websites, I don’t allow cookies (I opt in for necessary cookies only), and I avoid diagnostic data being shared. For passwords and emails, I recommend avoiding using your primary email address and opting for passwords that contain no personal information that could be linked back to you. You can also opt into a trusted password manager and enable 2FA if the option is available. My final tip: keep your passwords encrypted — it helps make your stored and transmitted passwords harder to see.