Avoid reusing passwords for multiple accounts

1.1k Views

Hu Jinyu

news

Just released

1119

collect

Introduction: When users reuse passwords across multiple accounts, it creates a golden opportunity for hackers to do damage.

Password reuse seems to be a common practice for many people, but this behavior can have a profound impact on a business's cybersecurity. When users reuse passwords across multiple accounts, it creates a golden opportunity for hackers to do damage.

A business may have a strong password policy, but if password reuse is widespread, it can create a false sense of security.

How password reuse causes damage

Assuming that every end user is prompted to create a multi-character passphrase made up of random letters, that could even be checked against a list of the most commonly used passwords. Active Directory password security looks strong on the surface, but the crisis begins when users reuse that password on less secure personal devices, websites, or applications.

With poor security, a hacker could break into a website's database and gain access to each user's password. From there, they can try to find out where the individual is employed and access their employment account. Attackers can also obtain certificates by attacking individuals through social engineering such as phishing.

In situations where passwords are compromised, hackers use automated tools to systematically test stolen username and password combinations on a variety of websites and applications, including those associated with the target's workplace. This puts business email accounts, internal systems, file repositories, and even administrative privileges at risk.

Once inside the network, attackers can move laterally to explore different systems and escalate their privileges. Attackers can access sensitive data, compromise other accounts, install malware, or launch further attacks within the network. They can filter sensitive data, manipulate or delete information, disrupt business, or withhold data as blackmail leverage.

Why people reuse passwords

Password reuse is mostly for convenience. Users tend to choose passwords that are easy to remember and often recycle them across multiple accounts to avoid the hassle of managing numerous complex passwords.

The emergence of password reuse is not surprising when we consider the increased burden on users in remembering and managing multiple passwords. People are overwhelmed by the number of accounts and passwords they need to manage, and this fatigue leads to shortcuts like password reuse.

Even if end users are aware of the risks through training, there is often a “that wouldn't be me” mentality, with a recent survey showing that 84% of people use the same password across multiple accounts.

Changing this behavior requires not only user education and security awareness training, but also technical support.

Solving password reuse issues

Addressing password reuse requires a combination of user education, technology solutions, and organizational policies. Change user behavior, raise awareness, and adopt secure authentication methods to reduce reliance on passwords.

There's a delicate balance between security and convenience. Businesses need to implement strong security measures to reduce password reuse, but they must also consider user experience to avoid burdening users.

User education and awareness

Conduct regular cybersecurity training sessions to educate employees on the risks of password reuse and the importance of setting strong passwords. People need to understand that even strong, unique passwords can be at risk.

Multi-factor authentication

Set up MFA as an extra layer of security. By requiring users to provide multiple forms of authentication, such as passwords and unique codes sent to their mobile devices, it becomes harder for hackers to compromise accounts. However, MFA is not completely secure.

password manager

Password managers securely store and generate complex passwords for different accounts, requiring users to remember only one master password. This eliminates the need to remember multiple passwords and reduces the temptation to reuse them. But if end users reuse their master password, this puts all of their accounts at risk.

Continuous encrypted password scanning

The best defense against password reuse is to implement a solution that continuously scans Active Directory passwords and comprehensive database compromised passwords to be able toCompromised passwords are detected in real time,Reduce the risk of unauthorized access,and respond quickly to security incidents。

Article translated from: https://www.bleepingcomputer.com/news/security/reusing-passwords-the-hidden-cost-of-convenience/ If reprinted, please indicate the original address