I remember the exact moment I found out.
2:13 a.m. The kind of hour reserved for bad decisions, existential reflection, and system alerts you pray are false positives. My phone lit up with that cold, clinical notification:
"We detected unusual login activity."
There are few sentences in modern life that drain your blood faster.
You replay every click of the past week. Every site you logged into. Every airport Wi-Fi you trusted. Every "accept cookies" you hit without reading. You start mentally inventorying your digital footprint like an archaeologist excavating your own negligence.
The worst part is not the breach itself.
It is the realization that your password was not just a string of characters.
It was personal.
It had history.
It had loyalty.
For five years, I had used the same password. Not everywhere. I am not reckless. I had "variations." An uppercase letter here. A number there. An exclamation mark when feeling adventurous.
But at its heart, the password was constant.
His name was Max.
Max, my Australian Terrier, had unknowingly secured my bank accounts, my hosting panels, my domain registrar, my cloud dashboards, and at least one embarrassing social media profile. He did not ask for this responsibility. He simply showed up one day, fourteen pounds of opinions and a moustache, and became the foundation of my digital identity.
And now Max had been compromised.
The email continued: "Your password appears in a known data breach database."
A known database.
Which means somewhere, in some dimly lit forum on a server I will never identify, someone now knows Max. He is a row. He is a hash. He has shown up in the haveibeenpwned dataset. The breach happened to a service I have not used since 2019, by people who do not know him, and he will live in their dataset forever.
I looked at him asleep on the couch. Peaceful. Unaware. Trusting.
He had no idea he was trending.
The instructions were clear: change your password immediately.
Of course. Sensible. Responsible. The advice I would give a client at 11 a.m. without hesitating.
But then came the psychological unraveling.
If I change the password, what do I use?
You cannot simply invent five years of emotional attachment overnight. You cannot manufacture entropy that easily. Security experts will tell you to use a password manager. Generate 24 random characters. Store them safely. Rotate quarterly.
That is not how humans operate at 2:17 a.m.
At 2:17 a.m., you look at your dog and whisper, "We have a situation."
He lifted his head slowly. The Australian Terrier's signature look, the one that has been bred into the line for a hundred and fifty years: head up first, ears at full alert, deciding whether the situation warrants standing. It is the look of a working terrier evaluating whether to engage. He had used it once, in 2022, on a possum.
He used it now on me.
"It's about you," I said.
He blinked.
"You've been breached."
He tilted his head. That innocent tilt that once brought me joy now felt, frankly, like a liability.
"You're common," I explained gently. "Too common. There are thousands of Maxes. Millions. It's not your fault."
His tail thumped once. Defensive, perhaps. Australian Terriers do not take kindly to being called common. They are descended from working dogs in the Tasmanian outback. They were ratting on farms while the rest of the AKC was still being invented.
"I need something stronger," I went on. "Unique. With numbers. Special characters. Something nobody can guess."
He yawned.
"Which means," I continued, "we may need to… rebrand you."
That got his attention.
"It's not permanent," I lied. "Maybe something like M4x_T3rri3r!92."
He stared at me in horror.
"Security requires sacrifice," I said solemnly.
Five years ago, I named him Max because it felt right. He looked like a Max. Eight pounds, scruffy, walked in like he paid rent. Today I stood in my living room explaining why his identity needed more complexity.
I realized then what modern cybersecurity has quietly taken from us.
Not just passwords.
Not just convenience.
But the simple joy of calling your dog by a name that does not require a symbol-shift key.
The next morning, I did what I should have done years ago. Installed a password manager. Generated 24 random characters per site. Set up two-factor authentication on the accounts that supported it. Audited every login that still had the old password and rotated it.
Max remained Max.
But every time I look at him now, I wonder:
If another breach happens, and statistically it will, will he survive the next audit?
He looks back at me with the calm of an animal who knows he is not, in fact, a password anymore.
The thing about Australian Terriers is that they do not forgive easily. He has not forgotten the night I suggested M4x_T3rri3r!92. He brings it up, in his own way, when the kibble arrives late.
I lock the laptop.
He sleeps.
We have an understanding now.
Update, July 22, 2025
A few notes I wanted to add.
Max wasn't actually his name, but the story is close to what I described. He passed away quite some time ago. To be clear: none of my accounts were actually compromised by the time I sat down at the laptop. The alert came from a breach-monitoring service, the kind some credit card companies and most password managers run for you against the public breach dumps and dark-web forums. When a breach hits, there are usually hundreds of thousands of credentials in the leak, and attackers work through them over the weeks and months that follow. By the time my alert arrived, nothing using the old password had been touched. I checked, confirmed everything was clean, had the chat with Max that I described above, and changed the passwords first thing in the morning.
If you don't already have breach monitoring on, set it up. Most password managers include it, some credit cards do too, and there are standalone services that do nothing else. When an alert comes in, don't wait. Change the password right away. The whole point of those monitors is to give you the head start the attackers have not yet had time to use.
I think the story resonates with a lot of pet owners and pet lovers. You have your special friend who is always there to listen to you, you play with them, you do a lot of activities together, and somehow they end up in the small corners of your digital life without you really planning it.
I would have placed this piece in Experiences, but I felt that framing might make it sound like I had been negligent. Security is a large part of what I work on day to day, so the last impression I want to leave is that someone in this line of work has been casually breaking the rules they tell other people to follow. The whole point of the article is the opposite: a password manager and two-factor authentication, like I described, are the way to go, and that is what I did. I put it under Humor because the situation is something pretty much all of us go through when we decide what to use as a password. The humor is in the universality of it, not in the security posture.
I'm not expecting anyone to go trying to find the name of the dog in password databases using my information, so please don't do that. Max still protects a handful of my accounts. Slightly more secure than he used to be.
