Are your passwords part of the recent data breach? Here’s how to check

Question: Is there a way to find out if my passwords are part of this latest breach?

Answer: You may have seen the headlines about a massive leak that includes nearly 10 billion unique passwords and over 16 billion records. The RockYou2024 compilation file, originally compiled last year, has now been updated and re-released with newly added data from recent breaches. It is one of the largest credential dumps ever assembled, and it is now actively circulating among cybercriminals.

This is not the result of a new hack, but rather a mega-compilation of old and recent stolen credentials, collected into one large package. The real danger lies in how criminals can now use this trove to launch what are known as “credential stuffing” attacks. These attacks involve trying email and password combinations on thousands of websites and apps in rapid succession to see what still works.

Even worse, the tactics are evolving. Hackers now use AI to identify and test password patterns based on public information and behavioral clues. This means that even if your exact password was not in the leak, something close to it can be guessed. If you tend to reuse passwords or have not changed one in years, you should assume that your credentials are vulnerable and take steps to protect yourself.

Start with important accounts

Prioritize updating the passwords for your main accounts: email, banking and credit cards, cloud storage and social media platforms. These are the accounts most likely to be used for identity theft, financial fraud or spam distribution. If your email account is compromised, it can be used to reset access to most other accounts.

Use a password manager

Keeping track of dozens of unique, complex passwords is not realistic without help. Password managers store your logins securely, generate strong passwords for new accounts, and often warn you if a saved entry appears in a breach. Once you are set up, it actually makes managing your online accounts faster and less frustrating.

If you are hesitant to use one, at least break the habit of using the same password on multiple sites. Even a private, hidden note on your device is better than “leaving the same key under every doormat” online.

Check whether your credentials have been exposed

Visit Haveibeenpwned.com, a trusted resource developed by a security researcher, and enter your email address. It will show you whether your information has appeared in any known breaches. You can also test individual passwords anonymously to see if they have been exposed. If something comes up, replace that password immediately – especially if you have reused it elsewhere. You can also sign up for free alerts through the “Notify Me” link so you know if your email shows up in future breaches.

Enable two-factor authentication (2FA)

2FA adds a critical extra layer of protection, usually a one-time code sent through an app or text message. Even if someone gets your password, they can’t log in without this second step. Most major services support it, and it is one of the simplest, most effective protections you can enable.

Use Passkeys when available

Tech companies such as Apple, Google and Microsoft are promoting “passkeys”, a more secure, password-free method tied to your device. They are stored cryptographically, which makes them much harder to steal or phish, and they are increasingly supported in apps and services. You can learn more at: bit.ly/3rlt2py.

Ken Colburn is the founder and CEO of Data Doctors Computer Services, Datadoctors.com. Ask any tech question on Facebook.com/datadoctors or on Twitter @thedatadoc.

This article originally appeared in the Arizona Republic: How to check for password leaks: Protect from data violations
