Password Hygiene Lessons from the Collection 01 Data Breach
In January 2019, a massive database of email addresses and passwords was released on the internet. This “Collection 01” breach included over 773 million unique email addresses and 21 million unique passwords, credentials assembled from numerous past data breaches.
Key Takeaways from FireOak’s Analysis:
- Weak, common, and easily guessable passwords are still heavily in use.
- Password re-use continues to be rampant.
Collectively, 23 of the most common passwords appeared in the collection over 65 million times. These widespread practices—using weak, common passwords and re-using passwords across multiple sites—dramatically increase the risk to both personal and organizational data. Passwords are often re-used between work and personal accounts, exposing entire organizations to credential-driven attacks.
How to Improve Your Password Hygiene
- Use a password manager to store and manage unique passwords for every account.
- Never re-use passwords across different sites or services.
- Create long, complex passwords by combining multiple words and phrases.
- Enable multi-factor authentication (MFA) wherever possible.
Additional Resources
- Wikipedia, Collection No. 1
- Brian Barrett, “Hack Brief: An Astonishing 773 Million Records Exposed in Monster Breach.” Wired.
- Victoria Song, “Mother of All Breaches Exposes 773 Million Emails, 21 Million Passwords.” Gizmodo.