Security breaches and password reuse

How many times in the recent past did you receive advisories asking you to reset the passwords of your online accounts? 

  • Just a couple of weeks ago, MOZ.com, the popular internet marketing software, advised all its customers to reset their MOZ account passwords, because the encrypted portion of some of the member passwords was made public for a brief time.
  • About a month back, online daily deal company LivingSocial Inc. alerted its 50 million users to reset their account passwords following a cyber-attack on their computer systems that resulted in unauthorized access to some customer data from their servers.
  • On March 2, 2013, Evernote revealed that hackers had gained access to their network and been able to access user information, including usernames, email addresses, and hashed passwords. About 50 million users of Evernote were asked to reset their passwords.
  • Nearly a year ago, over 6.46 million hashed passwords were reportedly stolen from LinkedIn. Following that, LinkedIn asked the affected users to reset their passwords.
  • During the beginning of 2012, cyber-criminals had apparently gained access to the internal network and systems of the popular online shoe and apparel shop Zappos through one of their servers in Kentucky. Zappos suspected unauthorized access to its customer information and asked customers to reset their passwords.

These are just a few prominent samples. The list will actually fill volumes.

Resetting the password on the affected site alone may not be sufficient!

When you receive advisories like the ones mentioned above, you promptly change the password on that site and feel secure. But the harsh truth is that passwords and other sensitive data exposed on a single site could potentially affect your entire online life. This is because most of us tend to use the same password on all sites and applications. So, the hacker who succeeds in cracking your password actually gets the ‘master key’ to access all your accounts.

Just consider these scenarios:

  • An employee has used the same password for his social media accounts as well as work email and VPN. Data exposure at just one site could invite hackers to your organization’s doorstep!
  • You are using the same password for your social media account and for online financial accounts. Password exposure at one place could potentially drain your account.

So, when a security incident happens at one of these places, you should reset the passwords of all your other online accounts too. But before you can do that, you need the list of all online applications in which you own an account!
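One way to build that list, as an added example that is not part of the original post: the script below reads a password-manager CSV export and, for a site named in a breach advisory, returns every account that shares a password with it. The column names (`site`, `username`, `password`) and the sample rows are constructed assumptions.

```python
import csv, hashlib, hmac, io, secrets
from collections import defaultdict

# Constructed sample export; real exports may use different column names.
SAMPLE_EXPORT = """site,username,password
shop.example,alice@example.com,Tr0ub4dor&3
social.example,alice,Tr0ub4dor&3
vpn.corp.example,alice,Tr0ub4dor&3
bank.example,alice@example.com,c9$Lq!v2Xw7p
forum.example,alice,hunter2
news.example,alice,hunter2
"""

def load_entries(text):
    """Parse the CSV export into a list of row dicts."""
    return list(csv.DictReader(io.StringIO(text)))

def group_by_password(entries):
    """Map an opaque fingerprint to the sites that share one password.

    A random per-run HMAC key keeps plaintext passwords out of dict keys
    and reports, and makes the fingerprints useless for offline guessing.
    """
    key = secrets.token_bytes(32)
    groups = defaultdict(list)
    for e in entries:
        tag = hmac.new(key, e["password"].encode(), hashlib.sha256).hexdigest()
        groups[tag].append(e["site"])
    return groups

def reset_list(entries, breached_site):
    """Every site to reset when breached_site is exposed (itself included)."""
    affected = set()
    for sites in group_by_password(entries).values():
        if breached_site in sites:
            affected.update(sites)
    return sorted(affected)

def reused_groups(entries):
    """Groups of two or more sites that currently share a password."""
    groups = group_by_password(entries).values()
    return sorted(sorted(set(s)) for s in groups if len(set(s)) > 1)

if __name__ == "__main__":
    entries = load_entries(SAMPLE_EXPORT)
    print("Reset after a breach at social.example:", reset_list(entries, "social.example"))
    print("Reused password groups:", reused_groups(entries))
```

Delete the plaintext export file once the audit is done, since it holds every password in one place.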

There is no magic wand: Use a unique password for every site

It is always prudent to have a unique password for every website and application and to supply it ONLY on that site/application. When there is news of password exposure or hacks, you can just change the password for that site/app alone. Frequently changing passwords as a habit is also highly recommended.

But here comes the problem: you will have to remember multiple passwords – sometimes on the order of tens or even hundreds. It is quite likely that you will forget passwords and, on the occasion you need them most, struggle to log in, resulting in password fatigue.

The way out: Use a password manager

Just like you have an email account, consider using a password manager too. In order to combat cyber-threats, proper password management should ideally become a ‘way of life’. Password managers help securely store all your logins and passwords. In addition, you get an option to launch a direct connection to websites / applications from the password vault’s GUI itself. This saves you even the ‘Copy & Paste’ task: logging in is just a click away. Once you deploy a password manager, you can say goodbye to password fatigue and security lapses.

And, Zoho offers Zoho Vault, an online password manager, which solves all your password management problems. Try Zoho Vault!
