Why am I being forced to reset my password? It’s a question I asked just this week when I tried to log into Canva and was told I needed to reset my password. I hadn’t used my Canva account in months and hadn’t received an email notification about a data breach, so I went in search of answers.
Option 1 – Canva data breach
Surprise! Not really. Canva suffered a data breach on May 24, 2019. According to Canva, someone hacked their user profile database and gained access to information for 139 million users. Canva says the stolen passwords were encrypted, which would make them unusable, but the attacker also viewed files containing partial credit card and payment information. In this case, the simplest, most obvious answer is the right one. Yet another data breach.
Option 2 – companies are being proactive
There have been so many of these massive data breaches over the past few years that some companies are starting to take a proactive approach. According to Brian Krebs at KrebsOnSecurity.com, some companies are now testing their users’ passwords against lists of login credentials stolen in data breaches. The process goes something like this:
- The company checks its list of user account logins against the stolen credentials list.
- If the company finds a match, they mark the user account for further testing. If there is no match, they skip that login and move on to the next.
- User accounts that were marked for testing are checked by comparing the stolen password against the account password the company has on file. If the passwords are a match, the company forces the user to reset his password on his next visit.
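The three steps above, sketched as an added example (this is not code from the original post or from KrebsOnSecurity). It assumes the company stores a per-user salt and a PBKDF2 hash rather than the plaintext password, so the stolen password is hashed with the account's salt before comparing; every name, account and leaked entry is constructed for illustration.

```python
import hashlib
import hmac
import os

# Assumption: passwords on file are salted PBKDF2-HMAC-SHA256 hashes,
# never plaintext. The iteration count is an illustrative value.
ITERATIONS = 100_000

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def make_account(password: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt), "force_reset": False}

def flag_reused_credentials(accounts: dict, leaked: list) -> list:
    """Match logins, test the stolen password, flag matches for a forced reset."""
    flagged = []
    for login, leaked_password in leaked:
        key = login.strip().lower()          # normalise before matching logins
        account = accounts.get(key)
        if account is None:
            continue                         # no matching login: skip to the next
        candidate = hash_password(leaked_password, account["salt"])
        if hmac.compare_digest(candidate, account["hash"]) and key not in flagged:
            account["force_reset"] = True    # reset required on the next visit
            flagged.append(key)
    return flagged

# Constructed sample data: the site's accounts and a leaked credential list.
ACCOUNTS = {
    "alice@example.com": make_account("correct horse battery"),
    "bob@example.com": make_account("hunter2"),
}
LEAKED = [
    ("Bob@example.com", "hunter2"),    # login matches and the password was reused
    ("alice@example.com", "letmein"),  # login matches, password differs
    ("carol@example.com", "hunter2"),  # no such account on this site
]

if __name__ == "__main__":
    print(flag_reused_credentials(ACCOUNTS, LEAKED))
```

Only the account whose stored hash matches the stolen password is flagged; a matching login alone is not enough.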
Dealing with broken password syndrome
If you’re one of those people who uses the same password for multiple accounts, you could find yourself forced to reset your password even though your account might not have been hacked. Annoying as this may seem, it’s actually a good practice and should help curb the desire of users to take a lax approach to security.
Tip 1 – manage your passwords
There are plenty of software solutions for managing passwords. I’ve used 1Password for nearly a decade now and couldn’t function without it. If a website forces you to reset your password for any reason, make sure the new password is saved in your list and the inconvenience will be minimal.
Tip 2 – manually reset your password
When I was resetting my password for Canva, I accidentally missed saving my new password. Problem? Not at all. The next time I need a password for Canva, I’ll just manually reset and store it. Voilà. No muss. No fuss. And no broken password syndrome.