On Wednesday, 5 million Gmail usernames and passwords were leaked on the Russian bitcoin message board btsec.com. The news sparked a wave of panic among Gmail users; however, according to a statement issued by Google, less than 2 percent of the leaked credentials would have actually worked, simply because most of them were outdated by several years.
Despite the relative containment of this latest leak, here are some steps to ensure that your online identity is protected.
(1) Diversify your password portfolio:
The easiest method of protecting your Gmail account is to use a strong and unique password.
Websites are reporting serious security breaches with alarming regularity, which makes it a bad idea to recycle credentials across multiple platforms. Having the same password for Gmail, Twitter, and your bank account could be disastrous, as one security breach could compromise multiple services.
Passwords should also be complex enough to foil would-be hackers. Popular choices such as “123456” and the even more creative “12345678” should be avoided in favor of more secure options. Microsoft suggests using at least 8 characters as well as a healthy combination of letters, numbers, and symbols to create a secure password.
(2) Enable 2-step verification:
Two-step verification is a powerful security measure that, according to Google, “drastically [reduces] the chances of having the personal information in your account stolen.” After you enable the feature via Gmail’s security settings, signing into Gmail from an unapproved device will require a verification code sent as a text message to the cell number associated with the account.
In the event that your account login becomes compromised, the additional verification code requirement will prevent hackers from accessing your files without having access to your mobile device.
(3) Beware of phishers:
As Google mentioned in its statement addressing this week’s “password dump”, most of the credentials included in the leak were obtained through a combination of “malware and phishing schemes.” Do not give your Gmail login to anyone other than Google, and be extremely skeptical if asked for it by a third party. Additionally, be sure to sign into Gmail through its official home page and not through hyperlinked web pages. Impersonating the Gmail login screen is a common phishing tactic, so be sure to verify that you are logging into the correct portal.
In addition to these precautionary measures, isleaked.com has released a web tool hosted by ovh.com that allows you to check if your information was included in the leaked credentials. The Is Leaked team doesn’t ask for your password, and they confirmed when contacted that the only data they collect is Google Analytics statistics.