The online public's password habits are so bad, one hacker stockpiled more than272 million passwords for major email services, including Gmail, Hotmail, Yahoo Mail and Mail.Ru, Russia's No. 1 email service. On Wednesday, researchers revealed he had traded the logins for positive comments on a hacking forum.
A similar incident made headlines in November, when nearly 600,000 Comcast credentials were posted on the Dark Web, a hidden series of websites where criminals go to buy log-in credentials to break into your accounts.
Troy Hunt, who runs the security website Have I Been Pwned, says the passwords likely came from phishing attacks, a hacker strategy that prompts users to voluntarily hand over their information. He said that's all a hacker with a hoarding mentality needs to gather up millions of passwords, and it's unlikely the email services were hacked to get the credentials.
"We just simply haven't seen a vulnerability that has leaked large scales of email passwords," Hunt said.
Here's how you can take charge of your passwords and prevent your online life from spiraling out of control:
Use complicated passwordsDon't use info, like your pet pooch's name, that can be found on your Facebook page or Twitter account. Randomly generated passwords, preferably ones that use numerals and special characters -- you know, $ and % and # -- are best.
Sure, you could become a mental gymnast and memorize all your passwords. But it might be simpler to...
Software developers know that few people can memorize complicated, unique passwords for every online account they have. So they've developed password managers, like LastPass and 1Password, both of which can help you use every tip listed here.
Sure, password managers aren't perfect either. LastPass sold itself in October to LogMeIn, three months after hackers stole the hints to users' main passwords and the scrambled versions of those passwords, too. But it's still safer than trying to manage your passwords on your own.
And even if you're using a password manager...
Hackers know we're lazy. If they steal one of your passwords, they'll try it on all of your accounts. You wouldn't want intruders getting into your bank account just because it had the same password as your Twitter account, would you?
Limit your risk by having unique passwords for all your accounts.
It's also a good idea to...
If your password is stolen, it almost assuredly will be up for sale on the Dark Web.
That's what happened with the Comcast passwords, although only about a third of them were up-to-date. It would have been even fewer if Comcast customers had changed their log-ins more frequently.
And if you're willing to go that extra step, there's one more thing that's easy to do...
There's no way to guarantee that someone won't steal your password. So take advantage of multiple-factor log-ins -- two-step authentication that requires a separate code sent to your phone or email account to complete the process.
Almost before we knew it, we had left the ground. All their equipment and instruments are alive.Mist enveloped the ship three hours out from port. The spectacle before us was indeed sublime.A red flair silhouetted the jagged edge of a wing.