Password reuse is a common practice amongst teams that can lead to a cybercriminal getting a hold of your online credentials. Despite knowing that it can leave your accounts compromised, a majority of people are still guilty of reusing their passwords.
Results from an online security survey by Google and Harris Poll found that:
As cybercriminals use more sophisticated attacks, organizations must emphasize the importance of good cyber hygiene practices to prevent data breaches. Keep reading to learn more about why you shouldn’t be using the same passwords and some strategies to avoid password reuse.
Password reuse is when a person uses the same password across multiple online accounts and services, such as using the same password for your email address and bank account. Many people may reuse a password because it’s easier for them to memorize one password instead of several. However, this poor practice can lead to a password reuse attack.
A password reuse attack is a type of data breach where a cybercriminal gains access to multiple accounts due to recycled login credentials. Victims should immediately update the usernames and passwords of any accounts that use the same credentials to prevent attackers from gaining access to even more accounts.
If you do not change your reused or insecure passwords following a data breach, cybercriminals can use credential stuffing attacks to take advantage of the accounts whose login information you neglected to update. Reusing the same password across multiple platforms and web applications can cause a domino effect in which multiple accounts are compromised due to a single password.
In an incident reported by Forbes in April 2020, more than half a million Zoom account login details were made available in dark web crime forums. Cyberattackers managed to get a hold of these stolen credentials by going through online databases containing previously compromised passwords dating back to 2013.
In addition to making the conscious choice to prevent password recycling, there are other strategies to avoid this harmful practice. Use the tips below to prevent recycling login credentials.
Educate your employees on cyber hygiene best practices and set policies in place to prevent security risks. Ensure that training for new employees covers the best practices they need to follow to stay protected. Hold frequent training with current employees as a refresher. Examples of policies that enforce password hygiene include requiring employees to change their passwords periodically and requiring a minimum password length to strengthen their password security.
Shockingly, roughly 57% of employees have admitted to saving passwords on a sticky note, according to a Keeper report surveying 1,000 employees in various industries. Rather than relying on a piece of paper, it is much easier and safer to use a password manager.
A password management tool is an effective and convenient way to ensure you have the best password hygiene possible. Rather than putting the responsibility of remembering passwords on your employees, a password manager automatically generates strong passwords, saves credentials in a digital vault and autofills the details into the platform’s login page.
The password generator creates unique passwords, making them difficult for cyberattackers to guess. The password vault stores login details, removing the responsibility for your employees to memorize multiple usernames and passwords. And the autofill feature prevents your team from having to manually type in their credentials, protecting them from keystroke logging software. Password managers often have Multi-Factor Authentication (MFA) available, a feature that can prevent 99.9% of cyberattacks, according to Microsoft.
Additionally, password managers often have the added benefit of auditing your password security. Keeper’s business password manager has an admin console that displays to admins which employees have weak or duplicate passwords stored in their vaults. Teams can also opt in for additional protection such as dark web monitoring to receive alerts if credentials are ever found on the dark web.
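The kind of audit described above, flagging duplicate, weak and breach-exposed passwords, can be illustrated with the following added Python example (it is not Keeper's code and not part of the original article). The 12-character minimum, the function names and the sample vault and breach list are assumptions constructed for the illustration; passwords are compared through a per-run keyed HMAC so the report never carries plaintext.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

MIN_LENGTH = 12  # assumed policy value; the article does not specify a minimum


def fingerprint(password: str, key: bytes) -> str:
    """Keyed digest so the audit can compare passwords without keeping plaintext."""
    return hmac.new(key, password.encode("utf-8"), hashlib.sha256).hexdigest()


def audit(entries, breached_passwords, min_length=MIN_LENGTH):
    """entries: iterable of (owner, site, password). Returns findings per category."""
    key = secrets.token_bytes(32)  # per-run key; fingerprints are useless afterwards
    breached = {fingerprint(p, key) for p in breached_passwords}
    by_fp = defaultdict(list)
    findings = {"reused": [], "short": [], "breached": []}

    for owner, site, password in entries:
        fp = fingerprint(password, key)
        by_fp[(owner, fp)].append(site)
        if len(password) < min_length:
            findings["short"].append((owner, site))
        if fp in breached:
            findings["breached"].append((owner, site))

    # Same owner, same password, more than one site: one breach exposes all of them.
    for (owner, _fp), sites in by_fp.items():
        if len(sites) > 1:
            findings["reused"].append((owner, sorted(sites)))
    return findings


# Constructed sample vault and breach list, for illustration only.
SAMPLE_VAULT = [
    ("alice", "mail.example", "Summer2013!"),
    ("alice", "bank.example", "Summer2013!"),
    ("alice", "wiki.example", "q7#Lw9vT2m$Rk4Zp"),
    ("bob", "mail.example", "correct-horse-battery-staple"),
    ("bob", "crm.example", "hunter2"),
]
SAMPLE_BREACHED = ["Summer2013!", "hunter2"]

if __name__ == "__main__":
    for category, items in audit(SAMPLE_VAULT, SAMPLE_BREACHED).items():
        print(category, items)
```

In the sample, alice's reused password is both short and present in the breach list, so one leaked credential exposes her mail and bank accounts together, which is the domino effect the article describes.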
Join millions of people and thousands of businesses that use Keeper’s business password manager. Our zero-trust and zero-knowledge security solution protects your team against cyberthreats. We enable your organization to achieve complete visibility, security and control across every team member on all devices.
Try our password manager today with our 14-day free business trial and see how we can protect your company’s credentials from cyberattacks.
Right now, a staggering 82% of survey respondents admitted to storing login credentials in a notebook or journal, according to the 2021 Workplace Password Malpractice Report by Keeper. Passwords should not be stored anywhere that can be accessed by an unauthorized person. Instead, passwords and credentials should be stored safely in an encrypted digital vault provided by a reliable password manager.
It is never okay to reuse a password.
Yes. Adding more characters can make a password more secure. Other ways to create a secure password include:
Also, avoid creating passwords containing personal information such as important dates and names.