- Cybersecurity expert Kathryn Linford warns against ignoring unfamiliar login alerts.
- She advises using HaveIBeenPwned.com to check if credentials are compromised.
- Linford recommends password managers and multi-factor authentication for account security.
SALT LAKE CITY — Let's say you're jamming away on something on your laptop or phone, and up pops an alert about a login from an unfamiliar location. It could be an email asking, "Was this you?" Or maybe a second factor authorization prompt on your phone that you didn't initiate.
But whatever alert you get, you ignore because you get so many, and nothing has happened before.
"All the time you're getting these notifications, you're getting texts, you're getting emails, you're getting all of this information coming through," said cybersecurity expert Kathryn Linford, CEO of Insight IT.
But this is information you shouldn't treat as background noise, she warns. Because it means someone, somewhere has your credentials, and they're trying to get in.
"They can get in, and you would never know," Linford said.
Want to know if your login credentials are in someone else's hands? She recommends checking your email address with HaveIBeenPwned.com. It's a free service that will tell you if your credentials have turned up in databases of known data breaches. Also, both Google and Apple now have a similar tool in their security settings.
KSL producer Sloan Schrage agreed to be my guinea pig for this story – typing in his information to see if he'd been compromised. Turns out, he'd been "pwned" several times over – including a 2024 data breach of the digital library site Internet Archive. That data breach exposed 31 million records, and Sloan had no idea until now.
Verizon's 2025 analysis of data breaches found stolen credentials to be the method used most by hackers. If they have your email and password for one website, they'll try to use the same combination on other services.
"Don't use reused passwords," Linford said. "That is the big thing."
She strongly recommends using a password manager.
"You don't have to remember your passwords if your password is automatically being put in," she said.
She also warns that passwords aren't enough to secure your accounts.
"Getting your MFA or multi-factor authentication set up is critical on as many accounts as you can," Linford said.
"If you don't have multi-factor authentication, most of the time it's only a matter of time," she said of your chances of getting hacked.
You should know, scammers love sending fake login alerts that look like they're really from Google, Facebook, Netflix and others. Linford says never click on any links to verify a login. Instead, navigate to that site on your own, log into your account and check for any strange log-ins.










