Before you start: open a private/incognito window. If your browser is signed in to a password manager that may also be compromised, do this on a second device (phone hotspot is fine).
Urgent Guide
Change your passwords the right way after a hack (10 minutes, in this exact order)
Most people change their bank password first. That's the wrong move. If a thief still owns your email, every "reset your password" link goes straight to them. Email comes first. Always.
The 5-step password reset (in order)
Step 1 · 2 min
Reset your main email password
Use a long passphrase — 4 random words is stronger than "P@ssw0rd!". Then sign out of every device on that account (Gmail: Security → "Your devices" → Sign out; Outlook: Security → "Sign me out everywhere").
Step 2 · 1 min
Turn on two-factor authentication (2FA) on that email
Pick an authenticator app, not text messages. SIM-swap fraud makes SMS the weakest 2FA. Free apps: Google Authenticator or Authy. Save the backup codes somewhere offline.
Step 3 · 3 min
Reset your bank + credit card logins, then turn on 2FA there too
Sign out of every device after the reset. While you're in there, switch alerts to "every transaction" — a $1 test-charge is often how thieves check if your card works before the big purchase.
Step 4 · 2 min
Check if your email or passwords already leaked
Free, run by a security researcher Microsoft trusts — type your email and see every breach it has appeared in.
Have I Been Pwned →Step 5 · 2 min
Get a real password manager so you never repeat a password
One strong master password, every other login random and unique. Apple Keychain and Google Password Manager are free and built in. Bitwarden has a free cross-device plan if you're not all-Apple or all-Google.
The 4 password rules in plain English
- Long beats weird. Four random words ("river-otter-yellow-truck") beats "P@ss12!".
- Never reuse. If one site is breached, the thief tries that password on your bank within minutes.
- 2FA on anything with money or email. App-based, not SMS.
- Write your master password down on paper and put it where you keep your passport. Paper can't be phished.
Done with passwords? Lock the rest of the door.
Passwords stop today's thief. Credit monitoring catches the next one. The quiz matches you to the right plan in under 3 minutes.