A compilation of more than 3.2 billion unique pairs of emails and passwords was recently leaked on a popular hacking forum, according to a report last month from Cybernews.
And this is just one of many massive data breaches over the years at companies such as Equifax and Marriott. Stolen passwords often make it to the dark web where merchants peddle stolen credentials.
A report last year said that the average American had personal data stolen at least 4 times in 2019.
Here are 5 things you can do to protect yourself:
(1) Find the leak: First, find out what passwords have been leaked and where. Google keeps track of this in your Google account. Go to Google’s Security Checkup page where you can change passwords that have been exposed in a data breach.
Websites such as haveibeenpwned provide similar data.
(2) Don’t reuse passwords or similar variations of passwords: This is advice given over and over again by security professionals. The upshot: if your password is exposed in a data breach and you use that password for other websites or accounts, you’re at risk.
The risk is not only reusing the same passwords but reusing password patterns with minor variations. “[Users may] adopt a password pattern and make a few variations…that turn out to be less secure than you might expect,” Tim Wade, technical director, CTO Team at Vectra, a San Jose, California-based cybersecurity firm, told Fox News.
(3) Strong password or password manager: The more sophisticated cyber gangs specialize in cracking passwords. For example, during a so-called brute force attack, a computer program tries “infinite combinations of usernames and passwords until one fits,” according to NordPass. The weaker the password, the greater the risk.
What makes a strong password? Avoid names found in the dictionary. And avoid anything that can be associated with you, such as names of children, names of pets, and place names. Combining passwords with a random string of letters, numbers, and special characters or symbols is a good rule to follow.
Cybersecurity software firm Avast offers good advice on what makes a strong password.
A password manager will typically automate the password change process “which allows you to react more quickly after a breach,” said Chris Hazelton, Director of Security Solutions at Lookout, a San Francisco, Calif.-based provider of mobile security solutions.
A password manager will also “create truly unique and highly complex passwords,” Hazelton said.
(4) Use one secure email account for password resets: Dedicate password reset emails to one secure email account. Make the account secure by using an account name with no recognizable connection to you. And use a strong password and enable two-step verification.
(5) Disable autofill: Avoid using your browser’s autofill forms feature, especially for passwords. Though handy, it puts you at greater risk. If someone breaks into your device or gets temporary access to it, it could give them instant access to your online accounts. Turn this feature off when using Google, Firefox and other browsers.
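Tip (2) warns that a new password built as a minor variation of an exposed one is still at risk. The following is an added example, not part of the original article, of one way to check a candidate password against passwords you know were exposed; the substitution table, the thresholds and the sample passwords are assumptions constructed for illustration.

```python
import re

# Common character swaps undone before comparing (assumed table, not exhaustive).
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                       "7": "t", "@": "a", "$": "s", "!": "i"})

def skeleton(password):
    """Reduce a password to its base pattern: drop digits and symbols at
    either end, lowercase it, and undo common character swaps."""
    core = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", password) or password
    return core.lower().translate(SWAPS)

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def is_variation(candidate, exposed, max_edits=2):
    """True if candidate shares a base pattern with an exposed password."""
    a, b = skeleton(candidate), skeleton(exposed)
    if a == b:
        return True
    # One base pattern contained in the other (e.g. an added word or suffix).
    if min(len(a), len(b)) >= 4 and (a in b or b in a):
        return True
    # Allow fewer edits for short patterns so unrelated short words do not match.
    limit = min(max_edits, min(len(a), len(b)) // 3)
    return edit_distance(a, b) <= limit

def resembles_exposed(candidate, exposed_passwords):
    """Return the exposed passwords that the candidate is a variation of."""
    return [p for p in exposed_passwords if is_variation(candidate, p)]

if __name__ == "__main__":
    # Constructed sample values, not taken from any real breach.
    exposed = ["Summer2019!", "password1"]
    for candidate in ["Summer2021#", "P@ssw0rd!", "kT9#vLq2xWz"]:
        hits = resembles_exposed(candidate, exposed)
        print(candidate, "-> reuses the pattern of" if hits else "-> no match", hits)
```

A candidate that matches should be discarded in favor of a randomly generated password, for example from a password manager as described in tip (3).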