Why you are putting your data at risk by reusing passwords
The beauty of email is how easy it makes communicating with other people anywhere in the world. Which is why the humble email address is such an important and valuable asset.
For many years, most ‘secure’ websites have allowed users to create accounts using an email address and a password for their login details. And with the average user needing at least 19 passwords, many people reuse the same details time and again; here at Kimbley IT we call this kind of carelessness the new drunk driving.
A real world example
A recent report has revealed just how serious the matter really is, with news that roughly 50 employees at each of the FTSE100 companies had compromised corporate systems through poor password and email security. In every case, users made the same basic mistake – signing up for public websites using their “default” password, and their company email address.
When a popular UK football site was hacked, the user database was quickly published on the darknet. Hackers and analysts quickly discovered that more than 40 live logon details were included in the compromised database, allowing unauthorised users to gain access to secure resources.
Why do we use the same password repeatedly?
It is human nature to try and simplify any task as far as possible. So when it comes to passwords, it seems like common sense to use the same one repeatedly. Even when we know that this is a very, very bad idea, we tend to minimise the risk and assume we won’t be in the statistical minority caught out by hackers. Sooner or later though, this casual approach to password security will backfire - as the FTSE100 example clearly underlines.
Preventing password re-use
The most effective way to prevent duplication of personal and corporate passwords is to implement a policy that forces regular changes and the use of two-step verification. Monthly password changes at work are definitely annoying, but they do reduce the window of opportunity for hackers to break in.
Your users may not change their personal passwords regularly, but this approach all but guarantees that they cannot use the same phrase over and over again.
Simplifying the password management process
Your business should also investigate the use of a password management extension to simplify the process of generating and ‘remembering’ strong credentials. Apple’s Safari browser has just such a tool built in as standard, generating and storing strong passwords automatically.
But if your business relies on Google Chrome, Mozilla Firefox, or even Microsoft Edge, add-on tools like Lastpass provide exactly the same facility. And with add-on apps for users’ smartphones and tablets, your users will never lose their passwords again - even when out in the field.
Because these tools generate a new complex password automatically for every website or service, there’s no need to worry about users relying on the same passphrase for everything in future.