Nearly 800 million email addresses, passwords exposed: How to know if you were affected

If you’re one of those people who use the same credentials for all your online accounts, an historic cybersecurity discovery re-emphasizes the importance of strong password protection.

In December, more than 770 million email addresses and passwords were posted online on a hackers forum, according to The Guardian. The newspaper calls the haul "the largest collection of breached data in history."

How to find out if your email address and passwords are compromised

Security researcher Troy Hunt, who discovered the haul, said that it is likely “made up of many different individual data breaches from literally thousands of different sources” — some old and some new — rather than representing a single hack.

Of the hundreds of millions of emails and passwords listed, Hunt, who runs the breach notification site Have I Been Pwned, estimates that "there's somewhere in the order of 140 million email addresses in this breach that HIBP has never seen before," according to The Guardian.

Have I Been Pwned is a site that will tell you if any email address you’ve used has been exposed as a part of any security breach they’re aware of.

Go here to check your email address(es) . If you discover yours has been exposed, change your password(s) immediately!

Another benefit of signing up with Have I Been Pwned is that the site will alert you via email anytime one of your email addresses is exposed. In fact, one member of Team Clark received this from them yesterday:

Password protection: 3 free ways to keep your info safe

These hackers are only successful because many us continue to reuse our credentials on numerous online services that require signups. Here are some tried-and-true free password managers to ensure that your password protection is solid:

• DashLane offers a free service that generates a new master password for all your devices every time you use it. The service can be used as a digital wallet, as well. A Premium version with even more features costs $60 a year.
• TrueKey is a major free password manager that uses multi-factor authentication such as facial and fingerprint recognition, two-step verification and more. The free version only allows you to save up to 15 passwords, though. Premium is $19.99 a year.
• Roboform is one of the oldest password managers out there. Since 1999, it has been keeping Windows, iOS, Android, and Mac users safe with its easy-to-use interface. A paid version costs $24 a year.

Money expert Clark Howard says that in this climate of constant data breaches, even password managers aren’t above criticism.

"The fear with these sites is that crooks would only have to crack one website to get the keys to the kingdom," he says. "But using one of these sites is still a smart idea and good way to protect all of your online accounts."

If you don’t want to use a password manager…

If you choose not to use a password manager and still want to change your log-in information, the key to creating a strong password is not to use common information about your lifestyle.

For example: If you're a lawyer, don't use lawyer123 or incorporate your home address or city in your signup info. The best passwords are indecipherable and contain letters, numbers and special characters. Here are some more tips to remember.

Stay up to date with the latest cybersecurity tips and more at Clark.com. Subscribe to our newsletters and follow us on Twitter and Facebook!

More Clark.com stories you may like:

• 6 common password mistakes + how to avoid them
• Be careful with online password managers
• How to protect your online accounts

The post Nearly 800 million email addresses, passwords exposed: How to know if you were affected appeared first on Clark Howard.

Clark.com