For your security, mySAGOV account uses a password verification service to check if your password has been compromised during a breach of another service where you've used the same email and password.
What is a compromised password?
Compromised passwords are passwords that have been exposed in a data breach. If your password is exposed in a data breach, it can be used by attackers to try the same password on any other website you may use.
If mySAGOV detects your password may have been compromised, you will be asked to choose another password.
What should I do if my password is compromised?
To keep your mySAGOV account secure, we highly recommend that you log into your account and change your password, as well as enable two-factor authentication for your account.
What password verification service do you use?
mySAGOV account uses the Google Password Checkup feature, which provides a secure way to check if passwords may have been compromised or not.
Do you know my password?
No, when you enter your password (for example, when you log in, create a new account or reset your password), only a hashed representation of your password is stored and checked against the Google Password Checkup feature that allows mySAGOV to do a partial hash match against a breached password list. Your mySAGOV account is not compromised, and your data is secure.
