With 15+ Billion Passwords In Circulation, How Unique Are Yours?
By: Jim Stickley and Tina Davis
December 21, 2020
A report by Digital Shadows finds there are 15 billion+ passwords currently being used. With the average user having 191 accounts and services requiring a password or other credentials to use them, it’s time to take a look at keeping all of those passwords safe. Whether you have 5, 10, 191, or more, security experts warn that passwords and other account credentials are under attack now more than ever. Cybercriminals are going warp speed ahead perfecting credential hacking, making it better and more pervasive than ever. Despite the surge in attacks, the message from security experts hasn’t changed: Keep passwords unique and safe for every account and never reuse them for multiple accounts.
The report also shows the current 15+ billion credentials in circulation are up 300% since 2018. Only one-third, or 5 billion, of these passwords are unique, leaving over 10 billion reused or recycled for any number of accounts. Researchers believe the jump in password exposure is due to the more than 100,000 data breaches we’ve never heard about. Since only the most massive breaches hit the headlines, many smaller attacks remain discreet, out of the news and unknown to the affected customers, who should be changing their account passwords ASAP.
Scary Stuff
It doesn’t help that methods for stealing passwords are widely available in criminal forums. Brute force attacks rely on credential stuffing, which means tossing lists of stolen passwords at an account until one is an exact match. The tools for these attacks are available online for an average of $4. Account takeovers (ATOs) happen when a hacker gains access to an account and changes the password and other information to their benefit, since they now “own” the stolen account. ATO “as-a-service” means a criminal can rent an identity for under $10. Individual passwords are also for sale at an average price of $15.43 each. However, the price differs depending on the value of the data, with bank and other financial passwords available for an average of $70.91 each.
Good News!
The good news is that options are available to create stress-free, unique passwords that are much less likely to be abused by credential hackers. Going “old school” is a simple option: writing down passwords and keeping them in a safe place (away from your computer) still works. Using a password manager is another option, but know that if that service is ever breached, your master password could be stolen and your passwords could be up for grabs. There’s always the option to remember a password using mnemonic tools, since incorporating letters, ideas, and associations can make passwords easier to recall. One such suggestion is using the first two letters of the domain name when creating a master password. Since many users approach password safety differently, choosing the security method you’re most comfortable with is always advised.