Compromised Passwords and Turning Off Hackers

Did you know that cybercriminals, aka the “bad guys”, have more than 15 billion compromised passwords[1] to choose from when trying to break into your system? And where, you may ask, do these compromised passwords come from?

One infamous password collection—dubbed “RockYou2021”—is thought to be a compendium of passwords cobbled together from earlier data breaches[2]. The list is estimated to hold some 8.4 billion entries, gathered from a series of breaches that exposed username/password combinations.

Given the size and scope of the leak, anyone who does anything online should check whether their passwords appear in it. To check whether a password has already been exposed, there are several free and easy options you can use. They include:

Since the databases behind these resources are unlikely to be identical, it is smart to check as many of them as you can to cover all your bases.
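The kind of check those resources perform, as an added example that is not code from the original post: first an offline lookup against a local wordlist (a short constructed list stands in for a RockYou-style dump), then the “range” lookup that the better online checkers use, where only the first five hex characters of the password’s SHA-1 hash leave your machine and the service returns every hash suffix that shares that prefix, one `SUFFIX:COUNT` per line. That response format is the one used by the Have I Been Pwned Pwned Passwords API; the response body below is constructed locally (with a made-up count) so the script runs offline, and the function names are this example’s own.

```python
"""Check a candidate password against breached-password data without
sending the password itself anywhere.

Added example, not code from the original post. The wordlist and the
range-response body are constructed stand-ins; only the response *format*
(SUFFIX:COUNT lines keyed by a 5-hex-char SHA-1 prefix) mirrors the
Have I Been Pwned Pwned Passwords range API.
"""
import hashlib

# Constructed stand-in for a leaked-password wordlist such as RockYou2021.
LEAKED_WORDLIST = {"password", "123456", "qwerty", "letmein", "iloveyou"}


def in_local_wordlist(password: str, wordlist=LEAKED_WORDLIST) -> bool:
    """Offline check: is the exact password in a local breach wordlist?"""
    return password in wordlist


def sha1_hex(password: str) -> str:
    """Upper-case hex SHA-1 of the password (the hash breach lists index by)."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def split_hash(password: str) -> tuple[str, str]:
    """Split the SHA-1 hex digest into the 5-char prefix that is sent to the
    service and the 35-char suffix that stays local (k-anonymity)."""
    digest = sha1_hex(password)
    return digest[:5], digest[5:]


def range_url(prefix: str) -> str:
    """URL for the range lookup; only the prefix is ever transmitted."""
    return f"https://api.pwnedpasswords.com/range/{prefix}"


def parse_range_response(body: str) -> dict[str, int]:
    """Parse 'SUFFIX:COUNT' lines into a {suffix: count} map."""
    counts = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        counts[suffix.upper()] = int(count)
    return counts


def breach_count(password: str, range_body: str) -> int:
    """Given the range response fetched for this password's prefix, return how
    many times the password appeared in breaches (0 = not found)."""
    _, suffix = split_hash(password)
    return parse_range_response(range_body).get(suffix, 0)


# Constructed response for prefix 5BAA6 (SHA-1("password") begins 5BAA6).
# The count is made up; a real response lists hundreds of suffixes.
SAMPLE_RANGE_RESPONSE = """\
1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493
0A2F3C4D5E6F708192A3B4C5D6E7F8091A2:7
"""

if __name__ == "__main__":
    for pw in ("password", "correct horse battery staple"):
        prefix, _ = split_hash(pw)
        print(pw, "->", range_url(prefix), "hits:", breach_count(pw, SAMPLE_RANGE_RESPONSE))
```

The point of the prefix/suffix split is that the service never learns which of the returned hashes you were interested in, so you can run the check against an online database without handing it the password you are worried about.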

So, before you grumble about having to use some form of multi-factor authentication (MFA), you may want to make sure your current password isn’t already sitting in one of these dumps.

And for those of you who don’t know what MFA is, here is a quick overview.  As the name implies, MFA blends at least two separate factors. One is typically your username and password, which is something you know. The other could be:

  • Something you have. A cellphone, keycard, or USB security key could all verify your identity. Often it is an app on your phone that generates a one-time password, otherwise known as an OTP.
  • Something you are. Fingerprints, iris scans, or some other biometric data prove that you are who you say you are.

MFA is a great “hacker turnoff”. So, even though it might take a second longer to sign in, remember those billions of leaked passwords and thank your IT security director for the added bit of protection MFA provides.


[1] https://www.okta.com/identity-101/why-mfa-is-everywhere/

[2] https://www.consumeraffairs.com/news/new-84-billion-password-hack-breaks-records-060821.html

Post written by Vinny Sakore, Director of Cybersecurity Education at Messiah University. Vinny spent 20+ years in the information technology and cybersecurity field. His industry experience includes serving as Verizon’s HIPAA Security Officer and stints as Chief Technology Officer for two healthcare technology companies. He continues to remain active in the industry by providing consulting services to a number of organizations including NetDiligence, Inc. (www.netdiligence.com).

Photo credit: George Prentzas via unsplash.com