Incidents like the Heartbleed bug and the recent Celebgate debacle make us want to believe that something like 100-percent privacy and security in today’s online world is only an illusion; and a recently reported leak of passwords for over 5 million Gmail accounts is the latest blow to the security claims that internet companies make to assure their customers and users.
Yes, you read that figure right: 5 million! A list of these Gmail accounts and the passwords associated with them on other services was ‘dumped’ on the internet earlier this week on a Russian website. Google confirmed the dump in an official blog post but assured Google account users that only 2 percent of the leaked combinations would actually work – and only because the users of those accounts had been careless enough to use the same password on other services associated with their account.
But how does that work? Let’s see: nowadays, most web-based companies and providers require you to log in before they let you use their services. Not all of these providers, however, ask you to create a dedicated account for their website; you can use your Google or Facebook account to prove that you’re not a robot. And here’s the kicker: if you have signed up for any number of such services and use the same password across the board as the one you use for the Google account itself, your accounts are at risk should any of those websites or providers get hacked.
That’s why, while there is no way to confirm that all of these leaked combinations would actually work, given the sheer number of leaked accounts there’s still a chance that your credentials have been compromised.
If you fear that your account might be one of the many affected by the leak, you can check by reviewing your account activity with the official tool provided by Google here, or by using a trusted online tool here. If you find anything out of order, you should immediately change your password and follow at least these three general guidelines to prevent something like this in the future:
- Never use the same password for multiple accounts. This common-sense rule is a given. The more accounts share the same password, the more points of failure you add through which your online existence can be hacked.
- Always choose a long, complex password that has some significance for you but will be incomprehensible and hard to guess for anyone else.
- Enable 2-factor authentication for your accounts. The importance of this feature cannot be overstated. While it might sound cumbersome to fish out your phone whenever you log in from an unrecognized device, it has serious benefits in the long run. A complete guide on how to set it up was covered earlier here on TechJuice.
These guidelines, while still not a complete recipe for making your account hack-proof (there could still be someone standing behind your back, noting your keystrokes!), are enough to at least make the process much more difficult by comparison, and you can rest easy at night knowing that if someone tries to hack into your account, it will take them thousands of years.