If 2018 was the year of security breaches, then 2019 is not shaping up to make us more comfortable with our online security. In fact, we are starting 2019 with the largest leak of security information in history. Dubbed "Collection #1," this leak contains 773 million unique email addresses and over 21 million passwords, with a combined collection of 1.16 billion unique account credentials and 2.7 billion total credentials, collected from various sources.
The data was made available to Troy Hunt, who owns and operates the personal security platform HameIBeenPwned, which allows people to look up their email address and password to see how many publicly available breaches that address has been involved in, with details about each. We recommend that users search for their email addresses on a regular basis, but especially after a large hack. It will help you determine just how much of your information is available publicly and for sale online.
This will certainly not be the last time we hear about a security breach or leak in 2019. In fact, if things continue down the current path, you can expect "Collection #1" to not be the last one we hear. It is important to think about your data security and create a plan to protect your information. A common method is password managers, but those can get hacked, too, making all of your passwords available in the wild. In reality, the best plan is to create scenarios where getting your information is not enough to do harm.
For credentials, creating a 2-factor authentication method is a huge step in the right direction. Requiring that you use a 2FA app or receive a code via text is the most common solution, but we're seeing physical 2FA enter the market in a big way. We're currently reviewing a physical 2FA method called YubiKey, which we will have a video and review on soon, but so far it looks like a great security method.
In addition to your credentials, you should protect your financial information. We've begun working with Privacy, which allows you to create 1-time use cards for use online - for free. If the retailer gets breached and your card information is stolen, it is only good at that retailer, and only until you terminate the card.
The important thing to remember here is that your information is never going to be secure, but there are some steps you can take to protect it above and beyond the norm.