If you opened your Safari browser recently on your Mac, iPhone or iPad and saw “Compromised Password. Some of your passwords have appeared in a data leak, putting those accounts at high risk of compromise. Safari can help you re-secure your account.” you may have some questions about this message:
- Is the compromised password message in Safari real?
- Why does it say my password is compromised?
- What does compromised mean, exactly?
- How do I see the compromised passwords?
In this article, we’ll answer these questions and let you know what you should do about this compromised password message.
Is the compromised password message in Safari real?
Yes, Safari actually puts these messages on your start page. This helps the message get to you. That said, however, because there is a real message in Safari regarding your password security, there will also be scammers who try to emulate this message. They would do this by creating a webpage that looks like a Safari start page. I don’t know of any examples of this scam, but it could happen. To make sure, you can always open a new tab (which opens to your (real) start page). You can also go directly to your passwords in Settings to address the issue.
Why does it say my password is compromised?
When you see the compromised password message in Safari, it means that one or more of the passwords you use appeared in a data leak. This does not even necessarily mean that your username and password appeared. Just that the password – possibly used by someone else if you used something common – appeared in a list of passwords that became public.
What does compromised mean, exactly?
There are lists of passwords that hackers will try when attempting to log in to an account somewhere. One of your passwords appears in such a list. This means that the password you are using is not very secure.
How do I see the compromised passwords?
As far as the message in Safari goes, you can hover over the link in the message to see the username and website address for the compromised password. You can also click on the link if you like.
The best way, however, may be to go straight to your Passwords list in Settings. That way, you can also view all of your other security recommendations. To access the password list:
- On iPhone or iPad: Open Settings and tap on Passwords. Use Face ID or Touch ID to open the list.
- On Mac: Open System Settings (Preferences) and click on Passwords. Enter your Mac password to view the list.
Your passwords and the warnings in Passwords
When you open Passwords, you may see some warnings at the top. For example, you may see Security Recommendations. Tap on it to see the recommendations. You will see warnings about passwords that have appeared in a data leak under High Priority Recommendations, and under Other Recommendations, you may see warnings about passwords that are easily guessed or are reused.
How to change compromised passwords
To change a compromised password, you will need to go the website where the password is used. You can do this from the Passwords list in Settings (System Settings):
- With Passwords open, find and tap on the entry for the website where you wish to change the password – either from the main list of passwords or from the Security Recommendations list.
- Under Website, you can tap on the Safari symbol next to the website address to open that website. Or, you can tap on the website name, select Copy Website and then paste the address in your favorite browser.
- Now, you will need to log in to that site and find the link on the website that allows you to change your password; this will vary depending on the website.
- After you change your password, you should be prompted to save the new password to your Passwords list.
- After you save the new password, it may take a couple of minutes for the Passwords list to sync to your other devices.
- Also, if you save the new password, but it doesn’t fill in automatically, you may need to manually select it: When logging in to the site, select the key symbol and choose the new password. After you fill it in once manually, it should update. This happens because sometimes a site uses a slightly different site address for the page where you enter a new password and the sign in page. For example, Hulu uses all of the following: auth.hulu.com, secure.hulu.com, signup.hulu.com and www.hulu.com.
You may see the compromised password message disappear and then reappear in Safari until you change the compromised password. Once you have changed the password, the message shouldn’t reappear.
Related Password and Security Articles
- This Password has Appeared in a Data Leak: Security Recommendations on iPhone
- ‘Your iPhone has been Hacked, Immediate Action Needed’ Message, How to Fix
- Your Apple ID and Phone Number are Now Being Used, What Does This Mean?
- Getting ‘Reset Password’ Notifications Without Your Request? Fix
- What to Do If You Clicked a Phishing or Scam Link