How to Secure Your Accounts After Massive Hacking of the Password From Collection # 1
“Another day, another migraine” is a beautiful morning mantra from SpongeBob’s Squidward Q. Tentacles, which you can also use to keep your account secure almost weekly. It seems like there are always some new data leaks or nasty leaks you have to deal with, and today’s exercise is important. The largest of these: 1,160,253,228 email and password combinations, for a total of 773 million unique email addresses.
To put this in perspective, security researcher Troy Hunt calls it “the largest breach ever uploaded” on his helpful Have I Been Pwned website. And chances are good that you were really tricked. It may even have been intercepted several times, depending on how many times your various accounts show up in this huge Compendium # 1 data breach – a large combination of many other data breaches dating back to 2008 (potentially).
Are you hurt?
Probably. But just in case, go to Have I Been Pwned and enter the email address you use (or have used) for various services on the Internet. As the results show, you’ve probably been the victim of a lot of data breaches. If you are the lucky winner today, you will now count Collection # 1 among them.
What passwords should you worry about?
If you’ve been digging into Have I Been Pwned, you’ve probably noticed that there is no way to get a definitive list of which account / password combinations appear in various hacks and hacks. Obviously, providing such a list would be a security issue in and of itself, as anyone could then use the site to find new credentials to try out.
Instead, Hunt created a separate password scanning tool . Enter the password you are using (or once used) and you can see if it shows up on any data breaches in the large website repository. Obviously it won’t do you much good if you (foolishly) use a generic password like “hunter2” or “password12345”. But if your password is strong enough and likely unique, this tool can be a great warning sign that it’s time to change it – if you’re still using a password, that is.
Now what?
Fortunately, the Digest # 1 data breach only concerns email addresses and passwords, not addresses, real names, social security numbers, credit card numbers, or any other critical data. That said, you don’t have to go through more annoying processes like changing your credit card, setting up credit monitoring or freezing credit reports, you still want to take some steps to gain a little more control over your (now open) accounts.
First, the obvious: if your passwords appear in the Have I Been Pwned database, it’s time to change them . If you have many unique passwords for all your accounts – you should! – then checking this will be a headache. You might want to study management tools passwords , such as the 1Password , which can do all this for you and tell you when your passwords are found in the new hacking.
And if you’re not already using a password management app , now is a great time to start. There is no reason why each of your accounts should not have strong unique passwords . This keeps you safe by ensuring that such security breaches only affect one of your accounts, and not the only “secure” password you use for each account.
Plus, a tool like 1Password makes it easy to manage complex passwords (or passphrases). Instead of having to remember a long string of letters, numbers and symbols you created, including capital letters, whenever you log in, you simply authenticate with 1Password and copy / paste the complex service password. It is so simple.
Of course, more can always be done. A strong password is fine, but it’s even better if you use it in conjunction with two-factor authentication . You should use two-factor authentication for any websites that support this practice, which you can check right here . Even if someone gets your awesome password, they won’t be able to do anything with it as long as you still need to approve any new logins, including logins from a place you don’t normally reside, for example.