Between company logins, online banking, personal email accounts, and various social media accounts the average user is required to come up with a lot of passwords. Unfortunately, many use the same password for all of their logins, simply for the sake of convenience. This poses a huge security risk, as once any one of those services is hacked and the user’s password becomes compromised, all of the other accounts are in jeopardy.
A recent article in the WSJ gives a perfect example of why using common passwords is certainly not considered best practice. Bigwig tech execs of Facebook, Google, and Twitter had their accounts hacked and some are believed to have reused passwords that had been stolen during hacks of LinkedIn, Myspace, etc. The article also mentions a database called “LeakedSource” where almost two billion old passwords can be viewed online.
If a hacker knew your Facebook password, would they be able to access your online bank account or company email?
With an estimated 8% of the leaked LinkedIn usernames and passwords also working on other services, users who rely on common or weak passwords are placing their other accounts, their data, and company/client information in harm’s way.
Big companies such as Carbonite Inc. (an online data backup provider) are taking action by forcing all users to change their passwords (much to the chagrin of those users). It’s a good idea to follow suit. Change all of your passwords regularly (at least every 60-90 days) and have your IT staff enforce mandatory password updates on a similar schedule. Use a unique password for each online account, and don’t use simple variations of the expiring password that would be easy for a person or a computer to guess.
Companies should also look at investing in token-based or two-factor authentication services, which confirm the user’s identity via a temporary code generated by a hardware token or mobile app after the user enters their system password. This way, even if the password is compromised, the account cannot be accessed without the token’s current code. To help avoid the serious losses and negative effects of such a compromise, both retail and corporate entities should have a solid risk management evaluation and action plan in place.
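The temporary codes described above are usually time-based one-time passwords (TOTP, RFC 6238). The following is an added example, not code from the original post, showing how a server generates and verifies such a code and why a stolen password alone does not pass the login. It uses the shared secret from the RFC 4226/6238 test vectors so the outputs can be checked against the RFC; the `login` function and the assumption that the caller has already checked the password against a salted hash are the author’s illustration.

```python
import hashlib
import hmac
import struct
import time
from typing import Optional

STEP_SECONDS = 30   # code changes every 30 seconds, as in most authenticator apps
DIGITS = 6

# Secret from the RFC 4226 / RFC 6238 test vectors (not a real credential).
# A real deployment provisions a random per-user secret, e.g. secrets.token_bytes(20).
RFC_TEST_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """HMAC-based one-time password (RFC 4226) for one counter value."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                   # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at: Optional[int] = None) -> str:
    """Time-based one-time password (RFC 6238): HOTP over the current 30-second step."""
    at = int(time.time()) if at is None else at
    return hotp(secret, at // STEP_SECONDS)


def verify_totp(secret: bytes, submitted: str, at: Optional[int] = None, window: int = 1) -> bool:
    """Accept the code for the current step or one step either side (clock skew).
    Constant-time comparison so response timing does not leak the correct digits."""
    at = int(time.time()) if at is None else at
    step = at // STEP_SECONDS
    return any(
        hmac.compare_digest(hotp(secret, step + delta), submitted)
        for delta in range(-window, window + 1)
    )


def login(password_ok: bool, secret: bytes, code: str, at: Optional[int] = None) -> bool:
    """Hypothetical login check: password_ok is the result of the caller's password
    verification (against a salted hash); the second factor must ALSO pass."""
    return password_ok and verify_totp(secret, code, at)


if __name__ == "__main__":
    now = int(time.time())
    current = totp(RFC_TEST_SECRET, now)
    print("current code:", current)
    print("correct password, no code:", login(True, RFC_TEST_SECRET, "000000", now))
    print("correct password + code:  ", login(True, RFC_TEST_SECRET, current, now))
```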
Contact us if you have questions or if you need help mitigating your company’s cyber exposures.