Password Monitoring & Data Breaches - What to Do When Passwords Leak

Why monitoring matters

When a site leaks passwords, attackers try those email/password pairs elsewhere (credential stuffing). Unique passwords contain the blast radius. Monitoring tells you when to rotate.

What to do after a warning

Change the password on the affected site — use a new random password.
Change the same password anywhere else you reused it.
Enable MFA; use OTP concepts as a complement, not a replacement for unique passwords.

On-site tools

Password strength checker
Blog: protecting against data breaches
How password managers work
All tools