Published: April 11, 2020 on our newsletter Security Fraud News & Alerts Newsletter.
Most of us know by now not to use the same passwords for different accounts; yet some of us still do. But users who continue to use passwords they know have been exposed in a hack are truly flirting with danger. In a recent study, Google found 1.5% of passwords are still being used despite those users knowing they’ve been compromised. While there’s no shortage of mega breaches and hacks in the news that expose countless passwords and other data, many password users don’t heed the warnings. A security researcher discovered more than 22 million unique passwords and over 770 million email addresses were made public on a popular hacker forum earlier this year. The massive discovery is believed to be the largest data dump to date. With numbers like these, it’s no secret that continuing to use exposed passwords puts those users at risk of being exploited yet again.
Most of us wouldn’t hand our car keys to a car thief, but reusing compromised passwords may be doing just that. Hackers who get passwords from data dumps or buy them on the dark web have the keys to enter sensitive accounts. Data breaches result in hacked passwords, those passwords give access to an account, and that access can lead to the theft of other PII (Personally Identifiable Information) like bank and credit card information. Those who reuse the same compromised passwords for different accounts can also become victims of credential stuffing. Hoping to access even more accounts, hackers “credential stuff” stolen passwords by trying them on other accounts belonging to the same user. Since this type of hack is on the rise, so are the opportunities a hacker has to steal even more PII. Either way, reusing passwords involved in a hack or breach can be a lose-lose situation.
Change passwords immediately after finding your account may be exposed in a data breach.
Use strong and unique passwords for each account and change them regularly. Include letters, numbers, and special characters.
Use two-factor (2FA) or multi-factor authentication (MFA) when available, as they provide additional layers of security when logging-in.
Keep passwords to yourself and don’t share them.
Be aware if of others watching when you type a password and always logout, and close the browser window if applicable when done.
Check password strength, if a website offers a strength analyzer when creating an account.
Avoid using passwords with unsecured Wi-Fi as they can be intercepted and stolen.
Need a tip for creating passwords you can remember? Try creating a base password of at least six characters. Then add some characters from the related website to that to create your password. For example, if the base password is “XP2#z%” and your account is at acme.com, your password for that account would become “XP2#z%Ac” using the first to characters of the website on the end.
Keep up to date: Sign up for our Fraud alerts and Updates newsletter
Want to schedule a conversation? Please email us at firstname.lastname@example.org