
Password Compromise Screenshot Guide

Last updated on Sep 25, 2025

1. Purpose of this Guide

This artefact demonstrates your company’s ability to detect compromised passwords and immediately enforce a password change. Cyber Essentials requires this because an early warning system for password leaks and other breaches prevents attackers from using stolen credentials to infiltrate systems.


2. What You Will Submit

You will need:

  • A screenshot from your password manager showing the detection of a compromised password.

  • The screenshot should clearly display:

    • User details (e.g., email or username associated with the password).

    • The alert or notification flagging the password compromise.

    • Confirmation that a password change was enforced or recommended.


3. How to Collect / Obtain / Generate This Evidence

For StrongKeep customers:

  1. Log into the StrongKeep Dashboard → Password Manager.

  2. Go to the Compromised Password Alerts section.

  3. Screenshot the list of detected compromised passwords, together with any emails showing the related enforcement actions (e.g. a password reset recommended to the affected staff member).

For third-party password managers (e.g., LastPass, 1Password, Bitwarden):

  1. Log into the password manager dashboard.

  2. Go to the Security / Breach Reports section.

  3. Capture a screenshot showing detected compromised passwords (e.g., “password found in data breach”).

  4. Ensure it also shows enforcement actions (e.g., prompting password change or auto-reset).


4. Evidence Format

  • Accepted file types: PNG, JPG, PDF.

  • Suggested naming format:
    YourCompanyName_PasswordCompromise_YYYY-MM-DD.png
    Example: AcmeCorp_PasswordCompromise_2025-07-01.png


5. What “Good” Looks Like

  • Screenshot shows compromised password detected in the system.

  • Displays enforcement action (e.g., change password, notify user).

  • User identifier (email, username) visible, without exposing sensitive data.

  • Evidence from trusted password manager (Bitwarden, 1Password, StrongKeep, etc.).

Why it matters: auditors want to see that you actively monitor and manage compromised credentials, ensuring they are promptly addressed to avoid breaches.


6. Tips

  • Redact sensitive details (like full usernames or passwords) before submitting.

  • Regularly review and enforce password hygiene practices across the organisation.

  • Make sure your password manager integrates with your incident response process so that alerts can trigger actions (such as a forced password change) automatically.