A security researcher discovered more than 772 million unique email address and over 21 million unique passwords were posted to a hacking forum. The data dump showcases the importance of having strong, unique passwords for every account.
Expert Comments Below:
Sandor Palfy, CTO at LastPass:
“This Collection #1 data dump is yet another example indicating the importance of practicing good password behavior. Despite the fact that weak, reused and compromised passwords are the cause behind many breaches, people continue to display pretty risky password behavior. In fact, in our in our recent psychology of Passwords survey we found that 91% knew that using the same password for multiple accounts is a security risk, but 59% admitted that they continued to do so. In most breaches, the attacker usually just gets the hashes of the passwords and they need to crack or brute force to get the actual passwords. The longer and more complex the password is, the harder it becomes to crack, or brute-force attack which simply means it takes longer for a computer to correctly guess it.
It’s crucial that people create a unique, strong password that hasn’t been used on other online accounts, for every online account they have. If you use the same password for multiple sites, and one site is breached and your password is cracked, attackers will go after your other accounts, more important accounts, likely even before you learn about the breach. Even if a password is brute force, the damage is less if it’s unique, as then it will impact only that account. It’s also worth turning on two-factor authentication where possible as this adds an additional layer of protection that will ensure an attacker won’t be able to access an account even if they do obtain the password.
While this might sound like a daunting task, the good news is there’s an easy fix. Password managers, like LastPass, will create and save complex and unique passwords for each of your accounts, and recall them automatically the next time you log in to those accounts. This makes life easier for the user, and much more difficult for hackers.”