Change your passwords, please...

7th April 2020

When we’re asked to create passwords for new platforms that require a username and password, such as Facebook, Twitter & LinkedIn, we usually see this as an unnecessary annoyance. In this situation, some of us will do one of the following:

  • Think of a completely new password and write it down somewhere.
  • Use the same password as another site but change 1-3 characters.
  • Use the universal password of passwords which is used for all accounts.

If you usually go for the 3rd option, then you’ve got yourself in some deep trouble! Here’s why…

When we create any type of account online, our username/password credentials get held on that company’s database. But most of us know that, and companies never share this with anyone, so what’s the problem? The problem is when these companies suffer a data breach…

Once this data is breached, attackers will have access to a password list, full of thousands or even millions (depending on the size of user-base) of usernames, emails, passwords and any other data which was stored and breached. In serious cases, data such as geographical locations, phone numbers, IP addresses, physical addresses, birth dates, and even credit/debit card information can be released! These extensive lists are then published on the dark web to be purchased by other cybercriminals.

49% of end-users in a survey have admitted to re-using the same password more than once. More than 1 in 10 will use the same password across all platforms…


https://digitalguardian.com/blog/uncovering-password-habits-are-users-password-security-habits-improving-infographic

In the last 10 years, there have been some big data breaches from companies such as:

  • Yahoo 2013 (3 Billion accounts)
  • MySpace 2013 (360 Million accounts)
  • Twitter 2018 (330 Million accounts)
  • LinkedIn 2012 (165 Million accounts)
  • Adobe 2013 (152 Million accounts)
  • eBay 2014 (145 Million accounts)

I would recommend that you check to see if your email and password have been caught in a previous data breach.

Go to https://haveibeenpwned.com and enter your email for instant results.

If you use the same password for multiple accounts and then think you’re in the clear for changing your password on just one site, you’re wrong… These lists are used endlessly by attackers to gain access to accounts that use the same email/password combination. The only way to counter this is to change that password on every website!
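A local self-audit for the habits listed above, as an added example that is not part of the original post: it flags accounts that share a password exactly or differ by only 1-3 characters. The account list, function names and the `max_changes` threshold are constructed for illustration.

```python
from itertools import combinations

# Constructed sample data: (site, password) pairs from a personal list.
SAMPLE_ACCOUNTS = [
    ("facebook", "Sunshine2020!"),
    ("twitter", "Sunshine2020!"),
    ("linkedin", "Sunshine2021?"),
    ("ebay", "k7#Vq9pLz!w2Rt"),
]

def edit_distance(a, b):
    """Levenshtein distance: minimum single-character edits to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute ca -> cb
        prev = cur
    return prev[-1]

def audit_reuse(accounts, max_changes=3):
    """Return (site_a, site_b, kind) for every pair of accounts whose passwords
    are identical ("same") or within max_changes edits ("similar")."""
    findings = []
    for (site_a, pw_a), (site_b, pw_b) in combinations(accounts, 2):
        if pw_a == pw_b:
            findings.append((site_a, site_b, "same"))
        elif edit_distance(pw_a, pw_b) <= max_changes:
            findings.append((site_a, site_b, "similar"))
    return findings

def sites_to_change(accounts, max_changes=3):
    """Every site named in a finding needs a new, unique password."""
    flagged = set()
    for site_a, site_b, _ in audit_reuse(accounts, max_changes):
        flagged.update((site_a, site_b))
    return sorted(flagged)

if __name__ == "__main__":
    for a, b, kind in audit_reuse(SAMPLE_ACCOUNTS):
        print(f"{a} / {b}: {kind} password")
    print("Change on:", ", ".join(sites_to_change(SAMPLE_ACCOUNTS)))
```

Run it only on your own machine against your own list, and delete the list afterwards.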

If you struggle to remember your passwords or have trouble thinking of new ones, there are many apps and websites out there which can help!

LastPass is an example of a protected password manager that stores your passwords securely, so you don’t have to! For more information, go to https://www.lastpass.com/. Remember, we’re all human, and remembering unique, complex passwords is not an easy job…

Ollie
Written by Oliver Boughton-Thomas - Cyber Security Apprentice