There’s been a rush of articles suggesting what consumers can and should do to protect themselves following the news about the Russian hackers.  The fact that over a billion usernames and passwords have been stolen has meant that some consumers are overwhelmed given the magnitude of the theft.

Graham Cluley wrote an article explaining his initial hesitation about writing about Hold Security’s discovery or commenting on it when contacted by the news media (; “Security firm that revealed “billion password” breach demands $120 before it will say if you’re a victim”: August 7).  As he explained, his reservation stemmed from the paucity of information in Hold Security’s initial official statement.  So Mr. Cluley dug in more and found that Hold Security wants consumers email addresses and $120 per year for their new breach notification service.  Consumers whose email addresses are found are then asked for an encrypted version of all of their passwords so they can be compared against the Hold Security’s database.

There are obvious problems with this approach.  Instead, Mr. Cluley highlights Troy Hunt’s free service that checks breach information in its database.  I went to the site which is: and learned that my email address had been found in one of the breaches loaded into the system.  It was the breach about which I already knew.  I signed up for Mr. Hunt’s free service to get alerts if my email shows up in other breaches.

Password management is becoming more pressing and complex for consumers.  Thanks to Mr. Cluley’s investigation,  I’ll take a pass on the Hold Security fee breach notification system.

Mr. Cluley mentions LastPass, 1 Password and KeePass as several password management services that consumers should consider.  I’ll be looking at those and will write about them in future posts.