In the digital age, data leaks have become almost inevitable. It’s nearly impossible to maintain online accounts without exposing some of your passwords to cyberattacks, which underscores the importance of using two-factor authentication (2FA). While many of us are aware that some of our passwords may be compromised, the reality of billions of passwords being readily accessible is staggering.

Recent research, as reported by TechRadar, reveals a text file named rockyou2024.txt containing nearly 10 billion unique passwords, all stored in plain text. This means anyone with access to the file can easily extract and use these passwords.

These passwords were not collected overnight; they were amassed over the past 20 years from various attacks and leaks. In the last two years alone, attackers added 1.5 billion passwords to the file. The sheer volume of unique passwords, with no repeats, is daunting.

The Danger of Password Leaks

The real threat isn’t just that anyone can search for specific passwords using simple commands. The danger lies in how bad actors can exploit these lists for brute force and credential stuffing attacks.

  • Brute Force Attacks: Cybercriminals attempt numerous passwords in rapid succession to break into accounts.
  • Credential Stuffing: Attackers use known username/password combinations from leaks to access multiple accounts, as people often reuse passwords across different platforms.

These attacks are automated, allowing computers to attempt millions of passwords quickly. With a database of 10 billion unique passwords, hackers can run brute force and credential stuffing attacks at scale against both individuals and organizations.

Protecting Yourself from Password Leaks

Organizations must strengthen their defenses against such attacks, but individuals can also take several steps to protect themselves:

Check for Leaked Passwords: Use a leaked password checker to see if your credentials are compromised. If they are, change them immediately.

Use Strong, Unique Passwords: Ensure each account has a distinct, robust password. This prevents bad actors from accessing multiple accounts with a single compromised password.

Use Passkeys: If available, use passkeys instead of passwords, as they don’t have credentials that can be leaked.

Enable Two-Factor Authentication (2FA): Even if bad actors have your password, they can’t access your account without a trusted device like a smartphone or authenticator app.

Employ a Password Manager: A good password manager can help manage your credentials, generate strong passwords, store 2FA codes, and alert you when your passwords are compromised.

By taking these precautions, individuals can better safeguard their online accounts and personal information from cyber threats.
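To make the "Check for Leaked Passwords" tip concrete, here is an added example (not from the original article) of how a checker can look up a password without ever sending it: the k-anonymity range lookup design used by the Pwned Passwords service, where only the first five characters of the SHA-1 hash leave your machine. The function names and the tiny sample list are assumptions constructed for illustration, and the "server" is simulated locally so the code runs offline.

```python
import hashlib
from collections import Counter

# Constructed sample standing in for a leaked-password corpus (duplicates on purpose).
LEAKED_SAMPLE = ["123456", "password", "123456", "qwerty", "letmein", "123456"]

def sha1_hex(password: str) -> str:
    """Uppercase hex SHA-1, the lookup key used by range-style checkers."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def build_index(passwords):
    """Server side: map 5-char hash prefix -> {35-char suffix: occurrence count}."""
    index = {}
    for digest, count in Counter(sha1_hex(p) for p in passwords).items():
        index.setdefault(digest[:5], {})[digest[5:]] = count
    return index

def range_response(index, prefix: str) -> str:
    """Server side: return every suffix under the prefix as 'SUFFIX:COUNT' lines."""
    if len(prefix) != 5 or any(c not in "0123456789ABCDEF" for c in prefix):
        raise ValueError("prefix must be 5 uppercase hex characters")
    bucket = index.get(prefix, {})
    return "\r\n".join(f"{suffix}:{n}" for suffix, n in sorted(bucket.items()))

def leak_count(password: str, fetch_range) -> int:
    """Client side: send only the prefix, then match the suffix locally.

    fetch_range is any callable taking the 5-char prefix and returning the
    response text; in real use it would be an HTTPS request to the checker.
    """
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in fetch_range(prefix).splitlines():
        candidate, _, count = line.partition(":")
        if candidate.strip().upper() == suffix:
            # A count of 0 can appear as padding in some responses; treat as clean.
            return int(count.strip() or 0)
    return 0

if __name__ == "__main__":
    index = build_index(LEAKED_SAMPLE)
    for pw in ("123456", "password", "correct horse battery staple"):
        hits = leak_count(pw, lambda p: range_response(index, p))
        print(f"{pw!r}: seen {hits} time(s)" if hits else f"{pw!r}: not in sample")
```

Because the service only ever sees a five-character prefix shared by many unrelated hashes, it cannot tell which password was being checked.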