Got a Foul Case of Password Exhaustion?

in #hacked, 4 years ago (edited)


This is the bad type of federation!

You’re not alone! The general public uses identical passwords across the board – home, work, Gmail, Facebook… even for banking.

Considering the number of passwords we’re expected to memorize and use daily, password exhaustion can be a very real issue. It’s no surprise that when those pesky login prompts appear, users often type in easy-to-remember, easily guessed combos like "abcdefg" or my personal favorite, "password".

This is very bad!

Trouble is, while your password may seem like it is working, hackers are sneaking around the web scooping up usernames and passwords as they go. They gather them from leaked details or from sites with security flaws.

Once they have the login details from one website, they try their luck with the same login details at other sites. They know that over half the users on the World Wide Web use the same password and login information, so the chance they will open the door to your accounts is really quite high.

Even the big corporate names in technology are in danger of news-making password breaches:

360 million MySpace emails and passwords leaked. (Does anyone use MySpace anymore?)

117 million LinkedIn account details leaked.

Using the same password across websites? Well, be ready because eventually, they will fall like dominoes. One website breach leads to another, then one more and then another. They keep going until there is nothing more to hack and gain from the login information. One way to break this chain reaction is to use a unique password for every website.
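To see how far the dominoes would fall for your own accounts, you can audit a password-manager export for reuse. The Python script below is an added example, not part of the original post; the CSV column names (`site`, `login`, `password`) and the sample rows are assumptions constructed for illustration.

```python
import csv
import hashlib
import hmac
import io
import secrets
from collections import defaultdict

# Constructed sample export; these are not real accounts or credentials.
SAMPLE_EXPORT = """site,login,password
myspace.example,ann@mail.example,Sunshine1!
linkedin.example,ann@mail.example,Sunshine1!
bank.example,ann@mail.example,Sunshine1!
shop.example,ann@mail.example,tr0ub4dor&3
mail.example,ann@mail.example,c0rrect-h0rse
"""

def load_accounts(text, key):
    """Parse the export, keeping only a keyed fingerprint of each password."""
    accounts = []
    for row in csv.DictReader(io.StringIO(text)):
        tag = hmac.new(key, row["password"].encode(), hashlib.sha256).hexdigest()
        accounts.append((row["site"], row["login"].strip().lower(), tag))
    return accounts

def reuse_groups(accounts):
    """Map each (login, password fingerprint) pair to the sites sharing it."""
    groups = defaultdict(set)
    for site, login, tag in accounts:
        groups[(login, tag)].add(site)
    return {pair: sites for pair, sites in groups.items() if len(sites) > 1}

def exposed_by_breach(accounts, breached_site):
    """Other sites where the login/password pair used on breached_site also works."""
    leaked = {(login, tag) for site, login, tag in accounts if site == breached_site}
    return sorted(site for site, login, tag in accounts
                  if (login, tag) in leaked and site != breached_site)

def audit(text=SAMPLE_EXPORT):
    key = secrets.token_bytes(32)  # per-run key, so fingerprints are useless afterwards
    accounts = load_accounts(text, key)
    return accounts, reuse_groups(accounts)

if __name__ == "__main__":
    accounts, groups = audit()
    for (login, _tag), sites in groups.items():
        print(f"{login}: same password on {', '.join(sorted(sites))}")
    print("If myspace.example leaks:", exposed_by_breach(accounts, "myspace.example"))
```

Every site the script lists for a breach needs its own new password, not just the site that leaked.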

How to Generate Very Easy to Remember Passwords

Have a method or template for making your own distinctive passwords that you’ll be able to recall and that will not be easily guessed by hackers.

For instance:


Becomes !K1ttyFB75!

Make sure you use a combination of upper case and lower case letters, mixed with numbers and symbols.

It might appear sophisticated, but the example above is simply based on the words ‘kitty’ and ‘FB’ for Facebook. Using this method, you can change "FB" to an abbreviation for other sites. Now your password is unique for each site and not easily guessed, but easy for you to remember.

What Actions to Take if Your Password Gets Hacked

You need to look at all accounts. To see if they have been compromised you can enter your email for those sites into haveibeenpwned.com.


The site "Have I Been Pwned" (HIBP) is one of the best, most popular, and oldest sites around for this type of thing. They work hard to track down possible breaches, verify their legitimacy, and grab the data so you can see if you are affected.

All you need to do is type your email or username and press enter. HIBP searches the breached data and displays anything that trips. If HIBP finds the email or username listed in a breach, you will need to change the passwords on the listed sites right away, if you can. Then you will need to change passwords on other sites right away – each and every one.

This would be a good time to use the example method/template for generating passwords discussed previously. Some people still have trouble recalling their passwords even with a template. If this sounds like you then consider a password system that will generate complex passwords and then store them for you. Systems like LastPass and McAfee True Key have free and paid versions.

If you would like assistance implementing improved security practices for your business, contact us or leave a comment here on this post.




Posted from JoeBrochin.com LLC with SteemPress : https://joebrochin.com/password-exhaustion


I've been using KeePass for over a year. Highly recommended.

https://keepass.info/