Practice by Numbers has implemented an advanced security feature that helps protect your account from unauthorized access. This feature detects if your password has appeared in known data breaches from other websites and guides you through changing it to a more secure alternative.
Why Did I Receive a Password Security Alert?
If you received a notification about your password security, it means our system has detected that your current password appears in databases of known compromised passwords. This does not mean that Practice by Numbers has experienced a security breach.
Instead, it means your password may have been exposed in data breaches from other websites or services. Cybercriminals often use these leaked passwords in "credential stuffing" attacks, where they try to gain unauthorized access to accounts across many websites.
How Does the Password Detection System Work?
Our password security system works in the following way:
Secure Checking: When you log in or change your password, our system securely checks if your password appears in known data breach databases. This check is performed using a method called "k-anonymity" which ensures your full password is never transmitted to any external service.
Privacy-Preserving Technology: Similar to Google Chrome's password protection feature, we use a privacy-preserving technique that only shares a small portion of your password's cryptographic hash with external databases. This means neither Practice by Numbers nor any third-party service can determine your actual password during this check.
Notification: If your password is found in these databases, you'll receive a notification explaining the situation and recommending a password change.
Guided Password Change: You'll be directed to our password change page where you can create a new, secure password that meets our strength requirements.
Immediate Protection: Once you've changed your password, your account will be protected from this specific vulnerability.
Why We Implemented This Feature
Password reuse is a common practice that puts users at risk. When data breaches occur at other companies, cybercriminals collect these leaked username and password combinations and attempt to use them on other sites. This is known as "credential stuffing."
By checking if your password appears in known breach databases, we can help protect your account even if you've reused passwords across multiple sites. This approach is similar to the password protection features implemented by Google Chrome and other major security-conscious companies.
Frequently Asked Questions
Does this mean my Practice by Numbers account was hacked?
No. This alert doesn't mean your Practice by Numbers account was compromised. It means your password appears in databases of passwords leaked from other websites or services. We're proactively checking to protect your account.
How did you check my password without compromising my security?
We use a secure technique called "k-anonymity" that allows us to check if your password appears in breach databases without ever sending your actual password to any external service. Only a partial hash (a secure mathematical representation) of your password is used for verification.
This is the same privacy-preserving approach used by Google Chrome's password protection feature. The technique works by:
Converting your password into a cryptographic hash
Sending only a small portion of this hash to a secure database
Receiving a list of potentially matching hashes
Checking locally on our servers if your password's complete hash matches any in the list
At no point is your actual password or even its complete hash transmitted over the internet.
Why am I being asked to change my password?
Passwords that appear in data breach databases pose a significant security risk. Cybercriminals specifically target accounts using known leaked passwords. By changing your password, you're protecting your account and the sensitive information it contains.
What makes a strong password?
A strong password should:
Be at least 9 characters long
Include uppercase and lowercase letters
Include numbers
Include special characters (!@#$%^&*(),.?":{}|<>)
Not be based on common words or phrases
Not contain sequential characters (like "12345" or "abcde")
Not contain repeated characters (like "aaa" or "111")
Not follow keyboard patterns (like "qwerty" or "asdfgh")
Not be similar to your personal information
Not be used on multiple websites
Can I use a password manager?
Yes! We strongly recommend using a password manager to create and store unique, complex passwords for all your accounts. Password managers can generate strong passwords and remember them for you, so you don't have to.
Using a password manager is one of the most effective ways to protect yourself online, as it allows you to use strong, unique passwords for every site without having to memorize them all.
How often will I be notified about password security?
To avoid overwhelming you with notifications, we limit password security alerts to once every few days, even if you continue to use a compromised password. However, we strongly recommend changing your password immediately after receiving the first notification.
What if I can't change my password right now?
While we strongly recommend changing your password immediately, you can still access essential functions of your account. However, for your security, you'll be reminded to change your password each time you log in until you do so.
I changed my password but still get security alerts
If you continue to receive alerts after changing your password, it's possible that your new password also appears in breach databases. Please try creating a different password that meets all our security requirements.
How to Create a Secure Password
Method 1: Passphrase Technique
Create a memorable phrase and modify it with numbers and special characters:
Start with a phrase: "coffee makes mornings better"
Add capitals: "Coffee Makes Mornings Better"
Add numbers and special characters: "Coffee2Makes!Mornings$Better"
Method 2: Random Word Combination
Combine random words with numbers and special characters:
Select random words: "elephant banana sunset"
Add capitals: "Elephant Banana Sunset"
Add numbers and special characters: "Elephant7#Banana2@Sunset"
Method 3: Use a Password Manager
Password managers can generate and store strong, unique passwords for all your accounts. Popular options include:
LastPass
1Password
Bitwarden
Dashlane
KeePass
The Bigger Picture: Password Security in Today's Digital World
The internet has transformed how we live and work, but it also presents new security challenges. Password breaches have become increasingly common, with billions of credentials exposed in recent years.
When a website is breached, cybercriminals often publish the stolen usernames and passwords online. Because many people reuse passwords across multiple sites, these breaches put users at risk across many services.
Our password protection feature is part of a broader industry effort to address this problem. Companies like Google have implemented similar features in Chrome and their other services to help users stay safe online.
Additional Security Recommendations
For maximum account security, we recommend:
Use unique passwords for every website and service
Enable two-factor authentication on your Practice by Numbers account
Regularly update your password every 3-6 months
Be alert to phishing attempts that try to trick you into revealing your password
Check your account activity regularly for any suspicious actions
Use a password manager to generate and store strong, unique passwords
Keep your devices and browsers updated with the latest security patches
Need Further Assistance?
If you have questions about this security feature or need help changing your password, please contact our support team:
Email: [email protected]
Phone: (866) 216-8416
Live Chat: Available on our website during business hours
Our support team is ready to assist you with any questions or concerns about your account security.
Practice by Numbers is committed to protecting your account and personal information. This password security feature is just one of many measures we take to ensure your data remains secure.