Your IP: Unknown · Your Status: ProtectedUnprotectedUnknown

What you should know about VPN passwords

A VPN username and password combination is the key to unlocking a secure private connection, which you can get only by purchasing a subscription. However, you could easily find numerous posts in forums and listings on e-commerce sites selling VPN subscriptions of popular providers. Beware – these are often stolen accounts or fakes only there to trick you out of your money.

Aurelija Andriekutė

Aurelija Andriekutė

What you should know about VPN passwords

VPNs are becoming more and more relevant and desirable as cybercrime rates grow. They can do more than just provide secure encrypted connections on any connected device. That’s why cybercriminals steal people’s VPN credentials for themselves or to re-sell. Don’t want your account to end up for sale online? There’s one sure way to prevent that – use a strong VPN password.

How accounts end up for sale online

Cybercriminals use different tactics to steal people’s credentials and then sell them online. Here are the most popular ones:

Phishing scams

Phishing scams come in many forms, like someone pretending to be an official representative of a service you use and asking for your password and email to fix something in your account; or a genuine-looking password reset email warning you that someone tried to log in to your account. Some can be absurdly obvious, while others very well made. It takes a trained eye to recognize a phishing scam, so always go over such emails very carefully before clicking on anything. Better yet, open a new tab and go to the supposedly compromised account to change your password manually.


You clicked on a malicious link, downloaded questionable software, used a shady torrenting site, and now you have malware on your device. Worst of all, you might not even notice it before it’s too late. Keyloggers and spyware will collect data about you, including your credentials for various sites and services, and send it all to the attacker.

Credential stuffing

Websites with poor security are easy prey to an experienced hacker. However, large companies with sophisticated infrastructures can also mess up. In the end, the result is the same – people’s usernames and passwords end up for sale online. As most internet users don’t bother to set a different password for every account, cybercriminals try the same set of credentials for different online services. This is called credential stuffing. Unfortunately, they often succeed and take the account over.

Choose a safe VPN provider like NordVPN and enjoy secure browsing.

How to set a new VPN password

If you suspect that your account could be compromised or you forgot your NordVPN password, here’s how you can change it:

1. Go to

2. Tap the “Forgot your password?” link.

3. Enter your email address and click “Send Reset Link”.

4. You’ll receive a link in your email to set a new NordVPN password.

If you need more help, visit our Help Center for a detailed tutorial on changing NordVPN password.

I got a “password verification failed: ‘Auth’” error

If you got a “password verification failed: ‘Auth’” error when trying to log in to NordVPN’s Windows app, there are a few things you can do:

  • Update your app if you’re using an older version.
  • Your password might be incorrect. If you forgot it, click the Forgot your password? link under the login window, and you’ll receive an email for resetting your password.
  • Reinstall the application: delete it through Control Panel, download the app, and set it up again.

If you’re still having problems, visit our Help Center or contact a support agent.

How to create a strong VPN password

There are a few simple rules you can follow to create a strong password:

  • Longer is better. Avoid using anything below 10 characters. A longer password will take more time to crack if someone tries to brute-force it.
  • Be confusing. If you can’t pronounce your password, that’s a good start. Don’t use common words. If you do, distort them in some way, add random upper-case letters, numbers, and special characters.
  • Use a password generator. If you don’t have time to indulge in password shenanigans, a password generator will do the work for you. Use filters to remove or add certain characters, and it will be perfect every time.
  • The more, the merrier. Using one password for every account you have is dangerous, unimaginative, and plain old lazy. Put that password generator to good use and create a new password for each of your 150 accounts. Don’t want to remember every one of them? No one does, so here comes the next step.
  • Use a password manager. Why do something yourself if there’s a safe, quick, and user-friendly app for it? Get NordPass to store your passwords, credit card details, secret notes, and other personal information. You’ll be the only one able to access your encrypted vault, safely tucked away in a cloud.

Can a VPN provider see my password?

You put a lot of trust in your VPN provider. It’s important to know that it doesn’t track your actions online or store too much data on you – including your password. A reputable VPN company will have strict rules about how they handle their users’ information.

However, free VPN providers usually don’t have any serious privacy policy in place. Not only do they collect a lot of information about their users (like their browsing history) but are also likely to sell it. Don’t expect a company like this to keep your credentials safe.

Online security starts with a click.

Stay safe with the world’s leading VPN

Aurelija Andriekutė
Aurelija Andriekutė Aurelija Andriekutė
Aurelija is a copywriter at NordVPN. She's eager to help her readers explore what makes the internet run and how to stay safe online.

We value your privacy

This website uses cookies to provide you with a safer and more personalized experience. By accepting, you agree to the use of cookies for ads and analytics, in line with our Cookie Policy.