I’ve read that AT&T Wireless had a huge data breach and that millions of account passwords are posted online. Yikes! How can I change my AT&T account password?
You’re correct that AT&T has just reported a huge data breach that reputedly affected over 70 million customers! However, it happened back in 2019 and, according to TechCrunch, only 7.6 million of those are active customers. In other words, 90% of the breached accounts aren’t active AT&T customers at this point. Still, the company has reacted by resetting every affected account’s password [NYT]. If you go to log in and it prompts you for a new password, well, the good news is that you need to enter a new password. The bad news is that your social security number might be out “in the wild” online (Fortune says “the data includes social security numbers for account holders”, which would presumably apply to inactive accounts too).
As a first step, you should go and change your password. I’ll show you how to do that. But… it’s a good idea to get a copy of your credit report and ensure there are no anomalous entries. Easiest and safest is to ignore all the “free credit report” sites and just go to your bank for this information. Most banks have easy channels to get this information without charge. AT&T is also going to pay for a credit monitoring service for customers affected by the breach, so keep an eye out for that email from the company.
LOG IN TO YOUR AT&T ACCOUNT
To change your password you’ll need to start at att.com and log in to your current account. As I said earlier, if it won’t log you in but instead prompts you to reset your password, go through that process instead, knowing that you are likely affected. I wasn’t prompted to change my password immediately so I’m hoping I wasn’t impacted…
Once you log in to the Web site, these icons appear along the top of the page:
Choose “Profile” to proceed and you’ll be shown a summary of your account information:
I’ve obviously redacted quite a bit for my own privacy, but what’s important is the tiny “Edit” button adjacent to the Password area. Seems like it should be bigger, but I’ve highlighted it above. Click on “Edit” and you’ll get to the all-important page:
As a first step, you’ll need to re-enter your existing password, then enter your new password twice in a row.
LET’S TALK ABOUT PASSWORDS
AT&T prompts “8-24 characters long, and use at least one letter and one number” but if you add punctuation you’ll have a far more secure password. In fact, it has a subset of punctuation that’s acceptable, as you learn if you try to use a character (like a “.”) that isn’t acceptable:
Passwords are inherently only somewhat secure (as demonstrated by the breach) but it is a level of security that’s worth putting some effort into nonetheless. If your password is only upper and lower case letters and digits, that means that there are 26 + 26 + 10 or 62 possibilities for each letter. Make it 8 characters and that’s 62**8 possibilities. Make it 12 characters, however, and you’ve added billions of additional possible passwords. Now add hyphens, underscores, and the other characters AT&T lists (“+” “=” “#” “?” “*” “$” “!”) and you’ve got 71 possibilities for each letter. Make it a dozen letters long and you’ve got a pretty darn ridiculous 1.64×10²² possibilities!
Ready with a great new password? Excellent. Enter it twice then save it in your password manager program. You are using one, right? I recommend 1Password if you don’t have one yet…
ENABLE EXTRA SECURITY
Enter it correctly both times, click “Save” and…
Mission accomplished. Now, let’s add some extra security to your AT&T account while we’re here…
Go back to your account page, then click on your individual phone’s account information. It’ll look like this:
Again, lots of redaction, but you can see at the very bottom there’s a passcode that’s required to make changes to this particular account (so no-one turns on new services or orders an upgrade without your explicit approval) but you can tighten things up even more. Click on “Manage extra security” as highlighted.
You can see what it enables, it’s essentially a second password or passcode. This can be helpful if you have teenagers too, ensuring that they don’t mess with your account or order new things without approval!
And, finally, you’ll get an email from AT&T confirming your password change:
Now, let’s see how this plays out over the next 12 months. Good luck!
Pro Tip: I’ve been writing about online scams for many years. Please check out my spam, scams and security help area while you’re visiting. Thanks!
Thank you for that much needed help with instructions on how to change my AT&T password! I am one of those victims whose personal information was exposed. My email is received through AT&T-Yahoo!, but I use an IMAP account in Outlook 365 for emails instead of Yahoo!. The passwords for each account are different, and if I change my AT&T Yahoo! account’s password, I will be unable to access Outlook 365 with the same password. Would you kindly post instructions on how to change the Outlook email account’s password, so I can continue using my Outlook 365 email account?
Your help is much valued! I have learned so much from your informative newsletters. Thank you!
You’re welcome. Is your Outlook password different to that of your AT&T account? If it’s to AT&T email, you should be able to access that via the Web and then go into Settings or Security to change the email access password.