Breached Password Security
When a user receives an email requesting that they change their password immediately, it is because their account could be the victim of a security breach. This may be the result of a security breach at a third-party application. The breach may not have happened to this account, but based on available data, the user's credentials may have been released. Since many people reuse passwords, the request to change passwords is a precaution to make sure the user stays protected.
Users may also want to change their password at any other sites where they suspect they used a shared password.
General security tips
Users can't usually prevent certain sites from experiencing security breaches, but there are some things they can do to help keep their accounts safe.
Check emails carefully
Check where an email is coming from and the links that it provides. Phishing emails often do not include a user's name but use something generic, such as "Dear Customer."
Reset passwords directly from sites
Always do a password reset through the actual site itself, not via potentially false links in emails. Also note that a secure website URL always starts with
Here are some links for password resets on commonly used sites:
Never enter personal or financial information in email
Emails in general are not very secure and are not a good way to communicate sensitive information. A trusted company/application would not ask for information in this way. Make sure not to enter confidential information through false links in emails.
Never download files from unreliable sources
Most web browsers detect suspicious sites. An alert should appear when you try to access a malicious site. Never download files from suspicious emails or websites.
Do not reuse passwords
When one site has a breach of user data and a user uses the same credentials elsewhere, information on other sites can also be accessed. The only way to prevent this is by not reusing passwords for multiple sites. The problem is that remembering countless passwords is frustrating and often impossible. One solution to this problem is the use of a password manager. There are many password managers available that can help users keep separate and secure passwords for each account without being responsible for remembering all of them.
Use strong passwords
The longer a password is, the harder it is to guess via brute force methods. Many sites allow the use of passphrases (a phrase or sentence instead of just a complicated word). Try to make passwords long and use a mix of special characters, numbers, and upper- and lowercase letters.
Keep software current
Applications release patches and updates when they find security vulnerabilities in their systems. Keeping applications, web browsers, and operating systems up to date can help prevent security breaches.
Check the security of your email inbox
If you use Gmail, Google offers the Security Checkup tool to let you know if there are any security issues related to your inbox.
You can also use third-party tools, such as the website Have I Been Pwned, to see if there might be security issues associated with your email address.