RockYou2021: largest password compilation with 8.4 billion entries

MonSpyder9

Level 2
May 4, 2020
40
What seems to be the largest password collection of all time has been leaked on a popular hacker forum. A forum user posted a massive 100GB TXT file that contains 8.4 billion entries of passwords, which have presumably been combined from previous data leaks and breaches.

According to the post author, all passwords included in the leak are 6-20 characters long, with non-ASCII characters and white spaces removed. The same user also claims that the compilation contains 82 billion passwords. However, after running our own tests, the actual number turned out to be nearly ten times lower – at 8,459,060,239 unique entries:

[Image: rockyou2021-number-of-entries.png]
A MAJOR leak this time. I think it's safe to say nearly all of us will be affected in some way. Are you guys changing passwords already?
 

Spawn

Administrator
Verified
Staff member
Jan 8, 2011
21,069
LastPass Premium:

1Password:

Google Chrome users:

Microsoft Edge users:
 

MonSpyder9

Level 2
May 4, 2020
40
That's not been the important thing for a long time already.
People need to learn to use 2FA and website devs need to learn to provide 2FA, especially FIDO2.
But you can't have 2FA everywhere and it has its own risks, no? I'm not sure if I want to give my number to all random sites I have to register on just to log in.
 

ForgottenSeer 85179

But you can't have 2FA everywhere and it has its own risks, no? I'm not sure if I want to give my number to all random sites I have to register on just to log in.
You can do that on all sites which support it.

You're confused. 2FA doesn't mean that you need to give them your phone number. That's the worst 2FA method and shouldn't be used as it can be bypassed with stuff like SS7.
Sites provide a backup code at 2FA setup, which you should store securely. Then there's no risk at all.
2FA can also be realized with hardware keys, which is called FIDO(1) and FIDO2.
 

Spawn

Administrator
Verified
Staff member
Jan 8, 2011
21,069
I'm not sure if I want to give my number to all random sites I have to register on just to log in.
SMS and Email are not secure methods for 2FA.

A mobile number is NOT required for Authentication apps, or hardware keys.
 