We often tend to be creatures of habit, particularly when it comes to technology and passwords are a prime example. Many people use the same password for multiple websites and applications because we don’t have a photographic memory. Most users though aren’t aware that this is one of the most significant security dangers they can face online and one with an easy fix.
There are regular news stories about major companies being hacked along with their customer data stolen. Hackers then use the data stolen from one site to access other sites where login credentials have been reused between accounts. In some cases, bank account access has been gained simply by using a compromised email account.Businesses and individuals can face significant losses simply because a password has been reused across accounts and one of those accounts has been hacked.
The Danger Of Old Passwords
MySpace is a key example of why old and possibly forgotten services pose a security danger when passwords haven’t been regularly changed. Once a thriving popular network, the use of MySpace services declined drastically from around 2007. While many people moved to a new social network, old accounts typically remained abandoned on their servers – hundreds of millions of accounts remained on the MySpace servers many years past the firm’s peak.
In 2016, MySpace suffered a data leak which exposed all the usernames, emails and passwords of the 360 million user accounts. Shortly after the hack, these details were all published online for anyone to see and others used these details to access email, servers and other accounts that shared the same usernames and passwords.
Even if you have never had a MySpace or social media account personally, how many of your employees or coworkers have one or more? Many have had more social media, forums and game accounts than they care to remember. Do they use the same passwords across all these accounts and have their passwords been updated in the last 12 months?
Your business network protects your systems, work and intellectual property. For many firms it is the single most critical component to business operations. Keeping it secure regardless of the number of people, staff or clients using it is a crucial task.
Consider how many people currently have access and how many of those may reuse their password on another website or service. Just the single reuse of one password can expose your business to unauthorised access.
A good security policy is to use a unique and strong password for every login you use. A strong password should include, where possible, capital letters, lowercase letters, numbers and character symbols. Many consider this impractical or even impossible, but it is entirely achievable for every user.
Yes, it may be impossible to manually remember a strong password for each account but the use of a password manager makes using unique passwords very easy.
When using a password manager, a user is required to remember only one single strong password to access a database which contains a different login password for each account. This database can be synced between multiple devices, saved and backed up to the cloud and even used to create the strong passwords for you.
Password managers can be used to implement security policies that demand zero password reuse between services and can set strict limits over the duration a password can last. With the right policies in place, both users and your business are protected against attacks from hackers that have compromised third-party sites.
The maximum recommended lifetime of a password for any service is a single year. Make the start of the calendar year the time which you refresh your passwords and start new.
To help keep on top of your security and make sure your firm is safe well into the new year, contact us on 08 8326 4364 or firstname.lastname@example.org.