Google passwordsIt may be time to change your Google password, considering nearly 5 million Gmail passwords and usernames appeared on a Russian Bitcoin forum on Wednesday, as reported by NBC.

How were these usernames and passwords leaked?

Unlike most of the other news we’ve heard recently, the Gmail usernames passwords were not leaked in a breach. Instead, these were most likely collected from a number of phishing and hacking attempts throughout the course of many years, as explained by Google.

Should you be worried about these leaked gmail passwords?

The short answer — probably not. Since this information was collected over a longer period of time, most of it is likely inaccurate. In fact, Google confirmed that only 2% of the stolen username and password combinations may actually work.

To protect the small amount of usernames and passwords that may still work, Google said its automated anti-hijacking system most likely protected the accounts by blocking many of those login attempts. In addition, it has required affected users to reset their passwords.

What can I do to protect myself?

Considering that only a small number of the stolen login combinations may actually work, there is not much you need to do in terms of protecting yourself. That being said, there are still some steps that you can take to make sure your Gmail account and personal information remains secure if there ever is a leak of usernames and passwords in the future.

1. Change your password: This is one of the best ways to keep your information secure on the Internet, regardless whether you’re trying to protect an email, bank account or social media account. Your password should be strong — consisting of at least six uppercase and lowercase letters, one number and one special character — and changed about once every three months. Although having to change your password so often may seem like a hassle, if you change your password regularly, you’re making yourself less vulnerable to an account takeover should your login information get breached. The easiest way to remember when it’s time for a change is to set a reminder in your email or phone that’ll alert you when a change is necessary.

Not sure how to come up with your new password? Let our step-by-step guide to creating a strong password help.

2. Enable 2-step verification: Google knows that people want to protect the information they store on their Gmail accounts, so it developed a tool called 2-step verification. This verification feature works in a rather simple manner, yet adds some major protection by requiring you to enter a unique code anytime you sign into your account on a new device. This code will be sent to you via text, voice call or Google’s mobile app. Because you can allow Google to remember certain devices, this is not a step that you’ll need to complete every time you log into your account on your home computer, cell phones or tablets.

To enable 2-step verification, you’ll have to first go to the Privacy menu on your Gmail account by clicking on the circle with your picture on the top right of the screen and selecting Privacy. Next, click on “Find out how to set up 2-step verification” under Tools and Information and follow the steps to enable the feature. Once 2-step verification is enabled, there’s no way that you’ll be able to access your Gmail account without the code sent to you, making it difficult for anyone with your password to log in. And since you’ll be alerted with a code anytime your account is accessed on a new device, you’ll know if someone ever tries to hack into your account.

3. Consider signing up for an identity theft protection service: Since we live in an age where technology stores so much of our personal information, most of us worry of the possibility that our identities will be stolen. One of the best ways to protect yourself from identity theft is to be proactive about it — that’s where identity theft protection comes in. These services monitor the use of your personal information on the Internet black market and alert you in the event that your information is being sold or traded to identity thieves. This means that if your information is breached and appears on the Internet black market, you’ll be alerted.

In addition, most of these services also offer three-bureau credit report monitoring that’ll actively monitor any updates or changes made to your reports and alert you of the change. This makes it easier to keep track of your credit reports for your own records as well as know if any fraudulent credit accounts are opened in your name.

Lastly, identity theft protection services will offer you step-by-step assistance throughout the restoration process in the event that your identity is stolen while you’re signed up for the service. Falling victim to identity theft can be a stressful situation, so it’s comforting to know that you’ll have the support you need.

Visit our identity theft protection reviews to learn more about how these services work, as well as find the best service for your needs.