A reader commented on an article about a massive security breach that exposed millions of passwords to ask if you should still change your password, even if it was a secure password generated by a computer, such as the service Google offers to generate complex passwords.
The answer is yes. If a security breach accessed sensitive information like passwords or usernames on a company’s database, it doesn’t matter where those passwords came from.
If they’ve gotten into the company’s files, they can see your password, whether it’s 123ABC or the most complicated password on the planet. So, yes, change those passwords if your account is affected.
The one thing that will protect you in this case is having multi-factor authentication. They may have your password, but if you can’t get into your account without approval via email, text, or an authentication app, they aren’t going to get in there without you knowing about it.