A hacker forum recently leaked 8.4 billion passwords, which means you were likely affected. The anonymous poster who uploaded the compilation, dubbed "RockYou2021", to the forum claimed it contained 82 billion passwords. However, CyberNews analyzed the file and determined that it contained a significantly lower amount: about roughly ten percent. A leak of this scale all but guarantees that one, if not many, of your passwords have been compromised.

Given that your data was likely to be involved in this leak, you need to reset your passwords. Here are some best practices to keep in mind when doing so.

1. Don’t use the same password for multiple accounts  

This ensures that if a company has a data breach and your password is compromised, you only have to worry about one account. If you reuse passwords and there’s a data breach, you need to take action on all of those accounts. The additional risk is not worth the convenience of reusing the same password. There are password managers to help you keep track.

2. Don’t use personal info in your password

Never use your personal information as part of your password (your pets’ or family members’ names or dates of birth), as this type of information can be easily obtained. The goal should be making your password impossible to guess and “Fido2021” isn’t difficult to figure out. 

3. Use a strong password

A strong password is your first line of defense. Comparitech and my1login offer free services which will check the strength of your password and many browsers will now suggest strong passwords. This can help you avoid using common words, which is important because cyber criminals  use programs that systematically try every word in the dictionary.

4. Turn on multi-factor authentication (MFA) when available

MFA is an additional layer of verification that is required to grant access to an account, beyond entering a username and password. While no one loves adding one more step, implementing MFA greatly reduces the likelihood of a successful cyberattack on one of your accounts. MFA usually looks like a one-time security code via SMS text or through a designated app.

5. Change your passwords regularly 

You might not know that someone has access to one of your accounts, so getting into the habit of changing your passwords regularly decreases the likelihood of someone gaining access. It will also revoke their access in the event that one of your accounts has been compromised. A password manager makes this process much easier.

Beyond that, you can monitor the dark web to determine if any of your login credentials have been leaked. This allows you to know which accounts and passwords have been compromised, so that you can make changes accordingly. 

Now is the perfect time to update your passwords and turn on MFA. We strongly encourage everyone to do what you can to protect yourself from identity theft and take control of your digital identity. Data breaches are all too common and we all have to stay vigilant. Spread the word to your friends and family, too, as they were very likely affected by the RockYou2021 data breach as well.