With 2.2 billion leaked email ids and passwords, it is time for a password reset and MFA

A database of around 2.2 billion email ids with associated passwords has been leaked recently, and it has already been downloaded more than 1000 times. 2.2 billion is about 30% of the world population. If we take a conservative approach and assume an average of 3 email ids per person, that still amounts to almost 10% of the world population being affected by this leak. The good news is that it is perceived to be an old database. But many studies have found that we tend to be lazy when it comes to changing passwords frequently; most of us never change a password once an account is created. The bad news is that we do not know how many more billions of accounts have been hacked, and we do not know how many malicious actors are accessing these. As a general behaviour, the majority of people want things to come with easy access, so they avoid using a cryptic and long password. Having a cryptic and long password is the most important step in securing your account. MFA (Multi Factor Authentication) is also a necessity to give your account better security, yet a majority of users skip it. MFA makes it very difficult for a criminal to break into your account. Again our tendency towards easy access is at fault: we overlook the huge consequences for ease of access, and we rue it when it is too late and disaster strikes.

Multi Factor Authentication

Multi Factor Authentication (MFA) is an authentication method by which an account user is granted access only after successfully presenting two or more pieces of evidence to an authentication mechanism. Mostly 2FA (Two Factor Authentication), a subset of MFA, is used. In 2FA a security token is normally generated and sent to a device or an email address which the user has. The security token also has an expiry time: after authenticating with the password you can use the token only for a limited period of time. An example of 2FA is the OTP (One Time Password) sent to a registered mobile number or a registered email when logging in to a bank account.

Password Manager

A password manager is an application which generates, stores and manages the passwords that a user has for various accounts. Password managers store the passwords in an encrypted format and provide secure access to all the password information with the help of a master password.

With the emergence of password managers it has become much easier to have cryptic, strong and long passwords. We don't even have to create a password: the password manager generates it for us, and we don't have to type it in either. Everything is taken care of by the password manager. But along with a password manager I would also recommend MFA (Multi Factor Authentication). MFA makes your password manager vault and all your other accounts much more secure by adding an extra layer of security. There are a lot of password managers around.
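As an added illustration (not code from the article or from any of the password managers named below) of the two jobs a password manager does, this example generates a random password that is guaranteed to contain every character class and reports its entropy, and derives the vault's encryption key from the master password with a memory-hard KDF (scrypt) so that only the correct master password reproduces the key. The salt is generated per vault; the parameters shown are illustrative assumptions.

```python
import hashlib
import math
import secrets
import string

CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation)
ALPHABET = "".join(CLASSES)


def generate_password(length: int = 20) -> str:
    """Draw from a CSPRNG until the password contains at least one character of every class.
    Rejection sampling keeps the distribution uniform over qualifying passwords."""
    if length < len(CLASSES):
        raise ValueError("length too short to hold every character class")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Upper bound on guessing entropy: log2(alphabet^length)."""
    return length * math.log2(alphabet_size)


def derive_vault_key(master_password: str, salt: bytes) -> bytes:
    """scrypt turns a human master password into a 32-byte key for the vault cipher.
    n/r/p are assumed illustrative values; real managers tune them much higher."""
    return hashlib.scrypt(master_password.encode("utf-8"), salt=salt,
                          n=2 ** 14, r=8, p=1, dklen=32)


if __name__ == "__main__":
    pw = generate_password(20)
    print(pw, f"{entropy_bits(20):.1f} bits")   # roughly 130 bits for 20 chars
    salt = secrets.token_bytes(16)             # stored alongside the vault, not secret
    key = derive_vault_key("correct horse battery staple", salt)
    print(key == derive_vault_key("correct horse battery staple", salt))  # True
    print(key == derive_vault_key("wrong master password", salt))         # False
```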

Following is a list of some popular password managers:

  • 1Password
  • Dashlane
  • Enpass
  • SafeInCloud
  • Intuitive Password
  • Keeper
  • LastPass
  • Mitto
  • KeePass

All the above password managers are good when it comes to creating and safeguarding passwords. They can also store the URLs of the services you want to log in to, and they can autofill the username and password too.

I'm not too fond of online password managers though. I want my critical data to always stay with me rather than handled by someone else.

I use KeePass, which is freely downloadable and can easily be set up. It can easily generate cryptic passwords for you and save them along with the username and the URL. By installing certain plugins it can also autofill usernames and passwords (which I don't recommend).

I also recommend that users enable 2FA to give it one more layer of security.

When it comes to cyber security, it has already been conceded that the world is lagging behind in the required number of cyber security personnel. Cyber criminals outnumber cyber security professionals, and security people have to face numerous attack vectors. With so many cyber criminals around, the life of a cyber security professional is like a nightmare. With the emergence of subscription services like RaaS (Ransomware as a Service), it is possible even for a person without any advanced knowledge to trigger a ransomware attack. There are a lot of hackers who have acquired highly advanced skillsets, and they are always a step ahead of whatever security plans we have in place.

A lot of responsibility lies with the corporates to safeguard our account details. The troves of data which have been leaked were scraped from the larger organisations. When our account data is stolen from our service provider, we cannot do anything about it. The only saving grace is if we have enabled MFA.

Hence to easily and securely generate and manage all our passwords we must have a password manager and to add an extra layer of security to our accounts and services we must use MFA.

"Pathway to my heart is not easy, as the door guarding has a multi security lock, unlike ordinary locks where in one can just click n enter." -- Vimal Gurnani


Basheer Ahmed Khan

Marcom and Product Research

Petr Rektorys

Green Energy Architect. Nature preservation keen. Combining it.

6 years

I mean that there is time to bring real cyber security to clients. Very new & novel cyber sec architecture. Not the awful situation now (patching on patching on patching ...)

William Klumper

CIO, CISO and Privacy Officer, Senior Advisor to Fundingshield LLC., Secutor Security Consultant

6 years

Of that, 660 million or so are new accounts. 2FA is bandied about as the cure-all. For those who rely on 2FA via SMS: this channel is being actively exploited by criminals who are now camped on the TELCOM infrastructure. SANS had a nice write-up last Friday. We need to rethink how we do authentication and identity management. They are separate but intertwined.

ALEX NATIVIDAD MD

EX-CEO/Founder NimbusID.com

6 years

Or better yet, it's ABOUT TIME we think about how we conceptualize how a password should be. A password at its current state of implementation is a proof of access (since one can share a password). We need to think of Proof of Identity. Password reset and MFA do not eliminate the same vulnerability, they just make it extra difficult for the hacker, which is ineffective against an APT.
