The use of weak and stolen passwords has consistently been highlighted as the most prevalent hacking technique cybercriminals use year after year. Yet, even at the world’s biggest businesses, many employees continue to use the same passwords for their personal and professional accounts. The most frequent password reuse practice uses the same password and email address or account name for numerous websites and services, such as work email, Netflix, a bank, and a personal email account. Because of numerous threats, password reuse is one of the weakest links in cybersecurity.
It has been recently discovered that 65 percent of people repeat their passwords for several websites and apps. Although, 91 percent of adults believe that using the same or a variant of their password is dangerous. Given that login credentials serve as the first and most straightforward line of defense against threat actors, it is critical to take password security more seriously in the coming months to safeguard people and businesses online presence.
The Dangers of Reusing Passwords
Hackers who successfully brute force their way into one of your shopping accounts, continually attempting various combinations until they get access. They would almost likely attempt to use that password with the rest of your accounts. Your bank account, emails (personal and professional), and home network are all vulnerable to hackers when you use the same password across all your accounts, making it one of the weakest links.
This problem does not just affect you; it also impacts your whole network, including your company and organization. Cybercriminals may be able to get access to your employer’s network via your personal and work accounts if you have poor password management. Simply stated, employee carelessness is the most significant cybersecurity risk for companies in this digital age.
In a real-life example, the Colonial Pipeline assault, which brought down the biggest gasoline pipeline in the United States and caused fuel shortages all along the East Coast, was the consequence of a single stolen password. It was found in a batch of leaked credentials on the dark web. There was a possibility that a Colonial employee used the same password on another account had already been compromised.
Additionally, Zoom was also a victim of a credential stuffing attempt that compromised 500,000 user accounts. When it came to this assault, security experts discovered that the perpetrators had utilized existing databases of stolen credentials that people had traded on online hacker forums and dark web marketplaces. Some of the datasets were as old as 2013, according to the researchers.
There is no shortage of malevolent individuals who are eager to obtain some of your personal information for their own purposes on the internet. You are not particularly good at remembering complex passwords creates an opportunity for an online attack vector. The goal for cybercriminals is fraud, which is usually done for financial benefit.
How Can You Avoid Cyberattacks Caused By Passwords Reuse?
While it will not completely protect you from future cyberattacks, strong passwords hygiene, like using a different, complicated password for each account, is a simple but essential step. It can protect your personal information and reduce your chances of becoming an online assault victim. By combating the negative behaviors that afflict modern digital lives, you keep passwords to become the weakest links in cybersecurity practice.
Thus, it is necessary to use multi-factor authentication (MFA), cybersecurity education, password management programs, appropriate configuration, and improved password screening technologies. These solutions, either alone or in conjunction, help to minimize cyberattacks.
- Use a Strong, Complex Password
When you use weak passwords linked to your identity and lifestyle somehow, it becomes one of the weakest links and may be simple to break using a dictionary attack. Many commonly-used password-generating methods, such as swapping digits for similar-looking letters, are taken into consideration by the majority of dictionary attacks these days. Long strings of randomly generated letters or phrases are used to create uncrackable and resilient passwords that are hard to decipher. It should have nothing to do with whatever you do or like. Avoid using significant names, dates, objects, pets, and other things. Use a minimum of 12 characters and a combination of lowercase and capital letters. You should include numbers and symbols as well.
- Practice MFA
When using multi-factor authentication, you usually start with a login and password. After that, you must enter a one-time pin code received through an app or SMS message or conduct a biometric scan such as a fingerprint scan to complete the transaction. MFA is a mix of elements, which may include something you remember (your login credentials), something you have (a smartphone app), and something you are (fingerprint, retina, or face pattern).
- Utilize Password Managers
It will always be challenging to remember all those complex and unpredictable passwords. Therefore, eliminating the need to remember your dozen or more unique passwords is one of the most straightforward methods of dealing with your plethora of passwords. It is either software or a web service that needs multi-factor authentication (MFA) to access and save your passwords in an encrypted manner. The site to which the account information belongs is also included. Many of the best password managers can also create unique passwords for you and update your passwords regularly.
- Conduct Employee Training and Development
Individuals must be taught how to establish effective and robust passwords that are simple to remember yet difficult to guess. This is a crucial component of any security awareness training program. It is less probable that a trained user would choose to use outdated or hacked passwords in the first place.
Final Thoughts
Password reuse is indeed a significant cybersecurity issue, but it does not have to be that way. While there are limits to remembering unique passwords for each account, easy measures can be taken to ensure that an online presence is far from being at risk of being compromised. You may prevent your passwords from becoming the most significant danger to your security posture. Implement authentication management solutions, provide staff training, and use effective technologies such as password managers. Although some of these methods are more secure than others, they all help minimize the probability of unwanted access. Threat actors will need more than simply a password to access your account due to these additional barriers.
References:
1. https://www.securitymagazine.com/articles/92331-of-people-admit-they-reuse-the-same-password-for-multiple-accounts
2. https://www.infosecurity-magazine.com/blogs/your-employees-reusing-passwords/
3. https://www.bloomberg.com/news/articles/2021-06-04/hackers-breached-colonial-pipeline-using-compromised-password
4. https://www.forbes.com/sites/daveywinder/2020/04/28/zoom-gets-stuffed-heres-how-hackers-got-hold-of-500000-passwords/?sh=2384c6bd5cdc
