Were you pwned in the recent password megabreach?
If you read last week’s blog you already know that a weak password is one of the biggest threats to your company’s sensitive data. Possibly, you’ve followed these tips to protect yourself. This week we want to go a step further and stress the importance of having a different password for every site and service you use.
Why is this so essential? In a recent string of megabreaches, over 640 million passwords have been compromised and massive collections of passwords from various online services are being posted online.
If it can happen to a celebrity, it can happen to you. In recent weeks Katy Perry and other celebrities have seen their social media accounts hacked. Facebook’s Mark Zuckerberg was even outed for using the same weak password – “dadada” – on more than one social media site.
Many of us re-use passwords across multiple sites, without considering that a stolen LinkedIn password may allow cybercriminals to get into a victim’s Twitter, Facebook, Snapchat and Google accounts. Things get more serious than social media when cybercriminals use stolen social media passwords to access and empty users’ PayPal and bank accounts.
As we’ve said before, it’s human nature to take the easy way out with a password that’s easy to remember. Recalling strong passwords (12 or more alphanumeric characters) isn’t easy, especially when you have ten or more distinct passwords (the average person uses 28 different cloud services). But there are steps you can take to protect yourself against cybercrime.
Here are our suggestions for protecting your password:
- Check your email against a breach database. Check your email address at sites like LeakedSource or haveibeenpwned.com to see if it is among the millions that were recently compromised. If you find that it was, change all your passwords, especially those you use for email (work and personal), banking and social media.
- Always create strong passwords. Hackers are smarter, faster and more devious than most of us. Passwords based on your login, email address, hometown, birthdate or favorite food can be cracked in seconds by hackers armed with strong cracking tools and password dictionaries.
- Make your password random. If you’re worried about how you will remember all your passwords, we recommend using a password manager app. If you write them down, be sure to hide them in a locked drawer only you can access. Do not store them on a sticky note on your desk or in an unencrypted file on your computer, phone or tablet. Try using a passphrase you won’t forget and make sure to include some symbols and numbers.
- Practice good password habits. Add password updates to the maintenance you already do on a routine basis, like changing water filters, trimming hedges or paying quarterly taxes. Be sure to change your password any time you suspect a chance of a compromise. Don’t ignore breach notifications and take immediate action as instructed. Use two-factor authentication (2FA) whenever it’s offered and especially with your most sensitive accounts such as banking, email and password managers.
- Protect your business. So much of the work we do is controlled and secured via passwords that it is essential for your business to protect its passwords and user credentials. If hackers obtain even one set of semi-valuable credentials, they can find their way into the entire business network, setting up malware and ransomware to be used at their convenience. They are also able to use your company’s stolen credentials to access the networks of your business partners, customers or vendors.
The current state of password abuse is alarming, especially as we are all becoming more dependent on digital technology. Strong passwords, security awareness and good cyber habits are your best defense.
For the most secure protection, including privileged account management solutions that automate, monitor and enforce password policy adherence, contact the IT Specialists at K2 Tech Group. We can assess your risk and put a plan in place to protect your company and its sensitive data.