News Internet & Security 52 52 people found this article helpful Billions of Passwords and Credentials, Possibly Yours, Are on the Dark Web You’re not the only one who knows your clever Spotify password by News Editor Kyree Leary has been a technology and gaming writer for nearly 10 years. His work has appeared on Digital Trends, IGN, Futurism, and more. our editorial process Twitter Kyree Leary Published July 8, 2020 Internet & Security Phones Internet & Security Computers Smart & Connected Life Home Theater Software & Apps Social Media Streaming Gaming View More Tweet Share Email Don't assume the password you've been using for everything isn't in someone else's hands. Time to get serious about credential creation and management. Leon Neal / Getty Images If you’ve never used 2FA or a password manager, it may be time to consider it in light of new information regarding your login details and who may have them. How bad is it? A new report from Digital Shadows reveals a truly staggering number of passwords and usernames have been stolen since 2018, totaling nearly 15 billion. That’s a 300 percent increase of credentials floating around the dark web, which includes media streaming and social media accounts. As Forbes put it, that’s roughly 2 accounts for every person on Earth. What’s more: Before you start patting yourself on the back for that incredibly unique passphrase you use for Netflix, know that Digital Shadows’ report also reveals that 5 billion of those are passwords that are not used anywhere else. Making a profit: While cybercriminals navigating the dark web do sell some of these credentials, a significant portion of consumer accounts are simply given away for free. When money does trade digital hands, however, prices vary. Bank and financial accounts sell for $70.91, on average; accounts for antivirus programs sell for $21.67; aforementioned consumer accounts go for $15.43; social media, file sharing, and streaming accounts sell for less than $10. Protecting yourself: “The message is simple – consumers should use different passwords for every account, and organizations should stay ahead of the criminals by tracking where the details of their employees and customers could be compromised," said Rick Holland, CISO at Digital Shadows. Using different passwords is a good start, but consumers should also use 2-factor authentication, password managers, and authentication apps and keys, as they will only strengthen your security. While all this might take time to set up and get used to, it’s ultimately worth it. Bottom line: It’s easy to think your accounts are protected by lengthy, symbol-filled passwords and the websites that require them, but the truth is they aren’t. It'll take more than a clever phrase to be more secure. Via: Forbes Learn More About Password Security How to Use Google Authenticator to Protect Your Accounts So, You Want to See Some Strong Passwords? Here Are Several Examples