In order to improve the security of our users’ Todoist accounts, we have recently introduced a security measure when logging in, which involves checking email addresses and passwords against the HIBP database (https://haveibeenpwned.com/).
HIBP (short for "Have I been pwned") is a database that tracks all publicly disclosed data breaches. If a user's email address and/or password are found in one of these breaches, we consider that access to be insecure.
If the email address linked with your Todoist account is listed on https://haveibeenpwned.com/, and if you also have a weak password that is listed on https://haveibeenpwned.com/Passwords, then you will no longer be able to log in to your Todoist account. You can check if your credentials have been compromised by visiting the above links.
To regain access to your account, you need to change your password to one that is very hard to guess. To reset your password you can visit https://todoist.com/Users/forgotPassword.
Quick tip