Detecting attacks using compromised credentials via internal network monitoring
US-2018007087-A1 · Jan 4, 2018 · US
| Field | Value |
|---|---|
| Publication number | US-10558797-B2 |
| Application number | US-201715659864-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jul 26, 2017 |
| Priority date | Aug 12, 2016 |
| Publication date | Feb 11, 2020 |
| Grant date | Feb 11, 2020 |
Abstract

A system and method includes at an authentication platform that is implemented via one or more computing servers: identifying compromised credential data, wherein compromised credential data comprise compromised credentials for one or more compromised accounts that have been exposed to a malicious actor via an illegitimate method, the compromised credentials including credentials that are useable for authentication to or for accessing the one or more compromised accounts; testing the compromised credentials, wherein testing compromised credentials includes using the compromised credentials to determine a usability of the compromised credentials to attack one or more different accounts from the one or more compromised accounts; and modifying account access associated with one or more of (i) the one or more compromised accounts and (ii) the one or more different accounts.
Claims (truncated preview)
What is claimed is:

1. A computer-implemented method for securing an online account from a potential cyber-attack, the computer-implemented method comprising: at a remote authentication service:
   maintaining a plurality of online accounts, wherein each online account of the plurality of online accounts is associated with a corresponding set of credentials and a corresponding service provider of a plurality of remote service providers associated with the remote authentication service, and wherein each corresponding service provider contains a corresponding online account access policy defining one or more mitigation actions to be implemented by the remote authentication service and including online access requirements that govern access to the each corresponding service provider:
   collecting, via one or more networks, a set of compromised credentials of a first online account, from the plurality of online accounts, that is associated with a first service provider, wherein the set of compromised credentials is collected from one or more repositories known to include compromised credentials;
   identifying a first credential component of the set of compromised credentials, the first credential component comprising a username of the compromised credentials;
   identifying a second credential component of the set of compromised credentials, the second credential component comprising a passcode of the compromised credentials;
   identifying a second plurality of online accounts including the plurality of online accounts and not including online accounts corresponding to the first service provider;
   testing the first credential component and the second credential component against each corresponding set of credentials for each of the second plurality of online accounts;
   detecting, by the remote authentication service, a match between (i) one or more of the first credential component and the second credential component of the set of compromised credentials and (ii) one or more of a first credential component and a second credential component of a vulnerable one of the each corresponding set of credentials for each of the second plurality of online accounts;
   in response to the detecting the match, automatically tagging one of the plurality of online accounts corresponding to the detected vulnerable credentials and a corresponding second service provider of the plurality of remote service providers as an at-risk online account, wherein the at-risk online account relates to an online account having credentials vulnerable to being compromised in a potential cyber-attack;
   implementing a mitigation process for the at-risk online account, comprising:
     authenticating the remote authentication service with a computing device of the second service provider to access and modify the included online access requirements of the at-risk online account;
     in response to being authenticated by the computing device, reading, by the remote authentication service, the corresponding online account access policy and the corresponding one or more mitigation actions from the computing device;
     determining that the remote authentication service is capable of modifying the included online access requirements of the at-risk online account according to the read policy and the corresponding one or more mitigation actions; and
     in response to the determination, modifying the included online access requirements of the second service provider by implementing the read one or more mitigation actions to protect the second service provider from the potential cyber-attack.

2. The method of claim 1, wherein collecting compromised credentials includes periodically collecting, via the one or more networks, the compromised credentials from the one or more repositories known to comprise compromised credentials, wherein the one or more repositories known to comprise compromised credentials include public sources and private sources that are accessible via Internet.

3. The method of claim 1, further at the remote authentication service: configuring a compromised credentials database that stores compromised credential data processed into a normalized format, wherein processing the compromised credential data into the normalized format includes: augmenting the compromised credentials data with one or more of services associated with the compromised credentials data and account activity data.

4. The method of claim 1, wherein testing the compromised credentials further includes checking the compromised credentials against one or more of an account directory and a directory service of the service provider for each of one or more of the plurality of online accounts to determine whether any credential components of the compromised credentials matches one or more credential components associated with credentials of online accounts in the account directory or the directory service.

5. The method of claim 1, further at the remote authentication service: presenting the compromised credentials including presenting one or more account access policy settings that are used to modify access to the online account associated with the compromised credentials.

6. The method of claim 1, wherein selecting one of a plurality of online account access policies includes: selecting an account access policy that requires user action prior to accessing the online account; or selecting an account policy that requires implementing, in response to a user successfully performing a user action, multi-factor authentication prior to accessing the online account.

7. The method of claim 1, further comprising, at the remote authentication service: generating a visibility level for the compromised credentials, wherein the visibility level indicates a degree to which the compromised credentials have been disseminated, wherein reading the corresponding online account access policy is based on the generated visibility level for the compromised credentials.

8. The method of claim 1, further at the remote authentication service: monitoring one or more compromised accounts, wherein the monitoring includes identified account activity involving a use of compromised credentials to access one or more associated accounts and capturing the account activity of the one or more associated accounts; and in response to capturing the account activity, automatically alerting one or more service providers associated with the one or more associated accounts and providing an account activity report comprising an indication of the captured account activity.

9. The computer-implemented method according to claim 1, wherein automatically selecting the corresponding online account access policy includes: selecting a less stringent online access policy if only one of the first credential component and the second credential component of the compromised credentials of the first online account matches one of the first credential component and the second credential component of a second online account; and selecting a more-stringent online access policy distinct from the less stringent online access policy of the plurality of online account access policies if both of the first credential component and the second credential component of the compromised credentials of the first online account matches both of the first credential component and the second credential component of the second online account.

10. An apparatus comprising: a communication interface configured to enable network communications; one or more computer processors associated with a remote authentication service; one or more computer readable storage media; program instructions stored on the one or more computer readable storage media for execu
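The abstract and claims 1, 6 and 9 describe a pipeline: collect a breached username/passcode pair, normalize it, test each component against the credential sets of every other service provider, tag matches as at-risk, read the provider's access policy, and apply a weaker mitigation for a one-component match and a stronger one for a two-component match. The following is an added example, written for this page and not code from the patent or its assignee, that implements that pipeline over constructed data. Every provider name, policy table and helper (`Account`, `match_level`, `assess_and_mitigate`, `PROVIDER_POLICIES`) is hypothetical. One design choice the claims leave open is worth making explicit: the testing step compares salted PBKDF2 hashes rather than plaintext, so the authentication service never needs a provider's cleartext passwords to run the check.

```python
"""Hypothetical credential-reuse check modelled on claims 1, 6 and 9 of US10558797B2.
All providers, accounts, policies and breach records below are constructed for illustration."""
import hashlib
import hmac
import os
from dataclasses import dataclass

PBKDF2_ROUNDS = 50_000  # kept modest so the example runs quickly; production would use more


def hash_passcode(passcode: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256: the testing step compares hashes, never plaintext."""
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt, PBKDF2_ROUNDS)


def normalize_username(username: str) -> str:
    """Claim 3 normalizes compromised data before testing; this is one hypothetical rule."""
    return username.strip().lower()


@dataclass
class Account:
    provider: str
    username: str
    salt: bytes
    pw_hash: bytes
    access_policy: str = "normal"  # modified by the mitigation step

    @classmethod
    def create(cls, provider: str, username: str, passcode: str) -> "Account":
        salt = os.urandom(16)
        return cls(provider, username, salt, hash_passcode(passcode, salt))


# Hypothetical per-provider access policies (claim 1): the mitigation action the
# authentication service may apply for a partial match (one credential component)
# and a full match (both components), following claims 6 and 9. None means the
# provider's policy permits no action for that case.
PROVIDER_POLICIES = {
    "bank.example": {"partial": "require_user_action", "full": "require_mfa"},
    "mail.example": {"partial": "require_user_action", "full": "require_mfa"},
    "forum.example": {"partial": None, "full": "require_user_action"},
}


def match_level(comp_user: str, comp_pass: str, account: Account) -> str:
    """Return 'none', 'partial' or 'full' for the two credential components of claim 1."""
    user_match = normalize_username(comp_user) == normalize_username(account.username)
    pw_match = hmac.compare_digest(hash_passcode(comp_pass, account.salt), account.pw_hash)
    if user_match and pw_match:
        return "full"
    if user_match or pw_match:
        return "partial"
    return "none"


def assess_and_mitigate(source_provider, comp_user, comp_pass, accounts, policies):
    """Test one compromised pair against every account outside the breached provider,
    tag matches as at-risk and apply the provider's mitigation action if its policy
    allows one. Returns a list of (provider, username, level, action_applied)."""
    results = []
    for acct in accounts:
        if acct.provider == source_provider:
            continue  # claim 1 excludes accounts of the first (breached) service provider
        level = match_level(comp_user, comp_pass, acct)
        if level == "none":
            continue
        policy = policies.get(acct.provider)
        action = policy.get(level) if policy else None
        if action is not None:  # the service is capable of applying the read action
            acct.access_policy = action
        results.append((acct.provider, acct.username, level, action))
    return results


def demo():
    # Constructed account directory across four hypothetical providers.
    accounts = [
        Account.create("shop.example", "alice", "Hunter2!"),  # the breached source account
        Account.create("bank.example", "Alice", "Hunter2!"),  # both components reused
        Account.create("mail.example", "alice", "correct horse battery"),  # username only
        Account.create("forum.example", "bob", "Hunter2!"),  # passcode only
        Account.create("bank.example", "carol", "unrelated"),  # no match
    ]
    # Constructed breach record, as if collected from a compromised-credential repository.
    return assess_and_mitigate("shop.example", "alice", "Hunter2!", accounts, PROVIDER_POLICIES)


if __name__ == "__main__":
    for row in demo():
        print(row)
```

Running `demo()` applies `require_mfa` to the bank account (full match), `require_user_action` to the mail account (username only) and nothing to the forum account, whose policy permits no action on a partial match; that last case is the "determining that the remote authentication service is capable of modifying" step of claim 1, and it is still reported so the provider can be alerted. In a deployment spanning independent providers the service would not hold every provider's password hashes as this example does; the usual alternative is to query each provider's directory (claim 4) with a hash-prefix or similar range query so that neither side discloses the full credential.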
CPC classifications:

- Countermeasures against malicious traffic (countermeasures against attacks on cryptographic mechanisms H04L9/002)
- Assessing vulnerabilities and evaluating computer system security
- for controlling access to devices or network resources
- Structures or tools for the administration of authentication
- for authentication of entities (cryptographic mechanisms or cryptographic arrangements for entity authentication H04L9/32)