Is it time to change your password? Now that security researcher Alex Holden of Hold Security in Milwaukee has uncovered a huge trove of stolen user credentials on the Dark Net, you might as well assume that yours are in this mammoth collection.
Alex Holden was born in the Ukraine, and his current surname is not the one he was given at birth. He discovered that Russian cyber-criminals had gathered 542 million email addresses and 1.2 billion unique email and password combinations. Most of these records were already decrypted and up for sale on the Internet underground.
Holden’s story is fascinating. His parents were refugees from the disaster at Chernobyl, and his family bounced around from Moldova to Italy, finally landing in Wisconsin. Since starting his cybersecurity business, he has amassed dossiers on over 6500 cyber-criminals, and tracked down all sorts of pilfered data for his clients. If you are interested in reading more about him, there is a great article in Popular Mechanics.
Back to the issue at hand. It is a reasonable assumption that your passwords have been revealed in this treasure trove, so you ought to do yourself a favor and replace your passwords before they get used against you by the bad guys. Here is what I recommend: create passwords that are at least 10 characters long. 15 characters is even better. The reason for going longer is that password cracking is done by powerful high-speed computers or large botnets of PCs using massively parallel processing to try thousands of possible combinations in a second. Once you get over 12 characters, the length of time necessary to crack the password using brute-force methods becomes very long: decades, or even centuries. Under ten characters the time is trivial: days, weeks, or maybe a month.
A password that would be very resistant to cracking would be 12-15 characters long, composed of upper- and lowercase letters, numbers, and symbols. Once you think you have a good one, go to Passfault and test it out. Then update your accounts. Resist the urge to use the same password on multiple sites. Use especially long and difficult passwords on financial accounts and shopping sites.
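
To make the effect of length and character variety concrete, here is an added example (not from the original article) that estimates the worst-case brute-force time for a password from its length and the character classes it uses. The guess rate is an assumed figure chosen for illustration, and the sample passwords are constructed.

```python
import string

# Assumed attacker speed, for illustration only; real rates vary widely
# with the hash algorithm and the hardware used.
ASSUMED_GUESSES_PER_SECOND = 10_000_000_000

CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]

def alphabet_size(password):
    """Size of the smallest alphabet an exhaustive search must cover."""
    size = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    # Characters outside the four ASCII classes (spaces, accents): count
    # each distinct one once, a conservative lower bound.
    extra = {ch for ch in password if not any(ch in c for c in CLASSES)}
    return size + len(extra)

def keyspace(password):
    """Number of candidates of this exact length over that alphabet."""
    return alphabet_size(password) ** len(password)

def seconds_to_exhaust(password, rate=ASSUMED_GUESSES_PER_SECOND):
    """Worst-case time for a pure brute-force search, in whole seconds.

    This is an upper bound: dictionary words and reused passwords fall
    much faster to wordlist guessing than this figure suggests.
    """
    return keyspace(password) // rate

def humanize(seconds):
    for unit, span in (("centuries", 3_153_600_000), ("years", 31_536_000),
                       ("days", 86_400), ("hours", 3_600), ("minutes", 60)):
        if seconds >= span:
            return f"{seconds // span:,} {unit}"
    return f"{seconds} seconds"

def length_advice(password):
    """Apply the article's thresholds: 10 minimum, 15 is even better."""
    if len(password) < 10:
        return "too short"
    return "good" if len(password) >= 15 else "acceptable"

if __name__ == "__main__":
    # Constructed sample passwords, not real credentials.
    for pw in ("sunshine", "Sunshine1!", "qzvkwpxmrtyh", "Tr4il-Mix&Rain#7"):
        print(f"{len(pw):>2} chars  alphabet {alphabet_size(pw):>2}  "
              f"{humanize(seconds_to_exhaust(pw)):>32}  {length_advice(pw)}")
```

Each extra character multiplies the search space by the alphabet size, which is why length matters more than any single substitution.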