When you hear that your email appeared in a leak, or suspect that an account has been tampered with, it's easy to start making random changes: changing a password here, canceling an app there, then forgetting after a week and returning to the same habits. This plan is spread over 30 days so that it is practical to follow. The goal: turn a reaction into a permanent system.
Day 1-2: Confirmation and Gathering the Picture
Start by checking your email via the Data Breach Checker. Note the most sensitive services associated with this email: the email account itself, financial, work. Close open sessions from each service's settings, and remove unknown devices.
Day 3-5: Rebuilding Passwords from the Root
Create new passwords for critical accounts using the Password Generator. If you need one main, easy-to-remember password (such as the one for your password manager), use Diceware to build a long passphrase. Then measure the strength via the Entropy Calculator to confirm that the level has actually gone up.
Day 6-8: Activating 2FA for Primary Accounts
Activate 2FA on email, financial accounts, and any service that can reset your passwords. Store recovery codes somewhere other than your phone, and avoid relying on a single device.
Day 9-12: Cleaning Up Sharing and Shared Accounts
If you share accounts with a team or family, stop sharing passwords via messages. Move access management to the Team Vault, then change the passwords of shared accounts immediately, because they are more likely to have spread.
Day 13-16: Setting a Smart Expiration Policy
Use the Password Expiration Calculator to determine rotation cycles for critical accounts. For general accounts, change the password only when an event calls for it. Remember: a policy that is actually applied is better than an ideal policy that no one follows.
Day 17-20: Reviewing Internal Storage if You Are a Developer
If you manage a system that holds user accounts, make sure passwords are stored correctly. Use Bcrypt with a suitable cost factor, and review old hashes via the Hash Identifier. A gradual migration carried out at login reduces risk without confusing users.
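The gradual migration at login described above, sketched in PHP as an added example (not code from this page or its tools). The unsalted SHA-256 legacy format, the cost factor of 12, the in-memory user array and the function names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

const BCRYPT_OPTS = ['cost' => 12]; // assumed cost factor; tune to your hardware

// Constructed sample store: one legacy unsalted SHA-256 row, one bcrypt row.
$users = [
    'alice' => hash('sha256', 'correct horse battery staple'),
    'bob'   => password_hash('another long phrase', PASSWORD_BCRYPT, BCRYPT_OPTS),
];

/** Classify a stored hash by its shape, as a hash identifier would. */
function identifyHash(string $stored): string
{
    if (preg_match('/^\$2[aby]\$\d{2}\$/', $stored) === 1) {
        return 'bcrypt';
    }
    if (preg_match('/^[0-9a-f]{64}$/', $stored) === 1) {
        return 'legacy-sha256';
    }
    return 'unknown';
}

/** Verify a login and, on success, upgrade the stored hash in place. */
function login(array &$users, string $name, string $password): bool
{
    $stored = $users[$name] ?? null;
    if ($stored === null) {
        return false;
    }
    $kind = identifyHash($stored);
    if ($kind === 'bcrypt') {
        $ok = password_verify($password, $stored);
    } elseif ($kind === 'legacy-sha256') {
        $ok = hash_equals($stored, hash('sha256', $password));
    } else {
        $ok = false; // unknown format: fail closed, never guess an algorithm
    }
    // Rehash only after a successful check, while the plaintext is available.
    if ($ok && ($kind !== 'bcrypt'
        || password_needs_rehash($stored, PASSWORD_BCRYPT, BCRYPT_OPTS))) {
        $users[$name] = password_hash($password, PASSWORD_BCRYPT, BCRYPT_OPTS);
    }
    return $ok;
}

var_dump(identifyHash($users['alice']));   // format before the first login
var_dump(login($users, 'alice', 'correct horse battery staple'));
var_dump(identifyHash($users['alice']));   // format after a successful login
var_dump(login($users, 'alice', 'wrong guess'));
```

Accounts that never log in keep their legacy hash, so a real migration also needs a cutoff after which remaining old hashes are invalidated and those users go through a password reset.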
Day 21-24: Monitoring Early Warning Signs of Incidents
Set up indicators for yourself: reset messages you didn't request, a login from a new country, changes to the recovery email. Review the incident response guide when needed: Account Breach Incident Response Guide. When you suspect something, execute the steps: check, change, 2FA, close sessions.
Day 25-27: Improving Privacy During Browsing
A leak might start from an insecure browsing session. Understanding the Web Proxy layer helps reduce exposure. Start by reading What is Web Proxy?, then review How Web Proxy Works Step by Step. Make sure sensitive management sessions go over a trusted connection, and avoid unprotected public networks.
Day 28-30: Monthly Routine to Prevent Recurrence
Don't make the plan a one-time event. At the end of the month, settle on a monthly routine:
- Check the primary email via the Breach Checker.
- Review password strength for critical accounts via the Entropy Calculator.
- Update shared-account passwords according to the policy.
- Review trusted devices and recovery data.
Quick Summary of Execution
If you want a summary: check for leaks via the tool, generate strong new passwords via the Generator, use Diceware for what must be memorized, measure via the Entropy Calculator, activate 2FA, organize sharing via the Vault, and secure storage via Bcrypt and the Hash Identifier.