By this point, it's more likely than not that at least one of the accounts you use online has been compromised by a data breach. Maybe you've heard of Have I Been Pwned?[1] and you've gone and looked to see which of your accounts have shown up in a data breach, or signed up to get notified when they do. Maybe you got an official notification from one of those breached services that an account of your has been affected; maybe you didn't - or maybe you got a notification so vague that you can't tell if your account was affected to not.
SEE: Password managers: How and why to use them (free PDF)[2]
There's a 30GB database of half a billion leaked passwords[3] that web sites can use to see if a user is creating an account using a weak password that's already shown up in a breach.
Okta's new PassProtect library[4] makes it easier for web sites to use Have I Been Pwned to check whether user passwords are unsafe right when you type them in to log in to your account - which is the most useful time to get a warning, because you're not going to forget to change it. And making it easier for developers to use the service makes it less likely that they make a dumb mistake and end up making things more secure.
As not all web sites are going to