A New York Times story says that: “A Russian crime ring has amassed the largest known collection of stolen Internet credentials, including 1.2 billion user name and password combinations and more than 500 million email addresses…”. This was discovered by a company called Hold Security, that so far has not named the sites. I’m a bit skeptical of the news, however, when Hold Security has a paid service to find out if your site is affected by this.
This emphasizes yet again the importance of using proper passwords and taking advantage of multi-factor authentication wherever it is offered.
Since the only good password is one we can’t possible remember, and they should be different for each site, the best approach is to use a password manager. Password managers both create strong unique passwords and save them for you. Here’s a recent PC Mag article on The Best Password Managers.
Make sure your password to get into your password manager is a strong one, and take advantage of multifactor authentication for it. Make sure you have a backup copy of those passwords. And lets hope that the password manager sites have protected themselves strongly enough that they can’t be compromised.