The risk of password exposure has been a problem for quite a while, but two new reports show why the risk of an account takeover is higher for most people than it has ever been.
Two factors have caused a rise in credential exposure. One is that the average person has more passwords to use for cloud services, social accounts, bank logins, etc. than ever.
The other factor is that credential theft has become the biggest threat for both phishing attacks and data breaches.
Login passwords unlock all types of treasures for hackers, including sensitive data, the ability to take over an account, access to email for sending spam, and direct access to bank or other financial accounts.
Cyber criminals know that they can bypass certain types of IT security if they have a legitimate user login. These types of insider attacks often go undetected for months and can take longer to remediate than other types of attacks.
Why should you be more concerned now about your passwords? We’ll go through the details below, along with tips on how to better secure your logins.
People are Juggling Multiple Account Logins
According to a report from cybersecurity company Digital Shadows, each person has an average of 191 different services that require use of a login password.
Because of this “password overload,” many users fall into bad password habits that leave those accounts at risk of being hacked. These include:
- Reusing passwords between multiple accounts
- Using weak passwords because they’re easier to remember
- Saving passwords insecurely (such as in a non-protected spreadsheet)
A security survey by Google found that approximately 65% of people use the same password for multiple (or all) accounts, and this includes both less sensitive and more sensitive accounts.
For example, 31% of people stated that they use the same password for a streaming site as for sensitive sites, like online banking.
Statistics Show That Criminals are Targeting Passwords
The recent Verizon Data Breach Investigations Report (DBIR) shed light on a disturbing trend, which is that passwords are becoming a main target of hackers.
Several statistics from the report all point to the same emphasis on stealing user credentials. These include:
- Theft of passwords has become the #1 focus of phishing attacks
- 77% of cloud account breaches are due to stolen login credentials
- Password dumpers (malware that seeks out login credentials) are now the #1 type of malware used in data breaches
Why go after passwords with a vengeance? There are several reasons for this increased focus on stealing passwords.
Steal to Sell
Many hackers aren’t stealing login credentials to use themselves; they’re stealing them to sell on the Dark Web. Login credentials fetch an average of $15.43 each for a hacker. That means one hacked database of 500 company logins can bring a nice payoff.
Access Financial Data
A hacker doesn’t necessarily have to steal your bank account login to gain access to your money. They could breach your social media account, and if you use the same password, it gives them the key to get into the more sensitive account.
Hackers know that users reuse passwords, and they’ll try a stolen login on every site they can think of, including PayPal and Amazon.
Get Past Security
Security standards for many networks and devices have continued to increase over the years, making it harder for hackers to break in.
This makes a user’s login credentials particularly attractive, because if attackers log in as a legitimate user, they can often bypass multiple security systems meant to keep out unauthorized users, but not legitimate users.
Take Over Email Account for Phishing
Phishing attacks are going out around the world daily, and they have to be sent from somewhere. It’s much better for a hacker to send phishing from a legitimate account than from one that may have already been blacklisted for sending spam.
If they gain access to an email account, or several in a platform like Microsoft 365, they can send out thousands of phishing emails instantly from a hacked user account before it’s shut down.
Tips for Protecting Your Passwords
Combating credential theft and keeping your passwords – and specifically, your accounts – safe means following best practices for good password security.
Use Password Best Practices
It’s important to follow good password practices when it comes to all logins that you use. These include:
- Using long passwords, of at least 10 characters
- Using a combination of numbers, letters, symbols
- Using both upper and lower-case letters
- Not reusing passwords on different accounts
- Not sharing passwords with others
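An added example (not part of the original article): a short Python script that checks a password export against the checklist above and flags any password shared between accounts. The CSV columns, site names and sample passwords are constructed for illustration, and "symbol" is assumed to mean ASCII punctuation.

```python
import csv
import hashlib
import io
import string
from collections import defaultdict

# Constructed sample export (site,username,password); not real credentials.
SAMPLE_EXPORT = """site,username,password
streaming.example,alice,Sunshine1!
bank.example,alice,Sunshine1!
mail.example,alice,correct-Horse-7-battery
forum.example,alice,letmein
"""

def policy_violations(password):
    """Return the rules from the checklist above that this password breaks."""
    problems = []
    if len(password) < 10:
        problems.append("shorter than 10 characters")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    # Assumption: "symbol" means ASCII punctuation.
    if not any(c in string.punctuation for c in password):
        problems.append("no symbol")
    if not any(c.islower() for c in password):
        problems.append("no lower-case letter")
    if not any(c.isupper() for c in password):
        problems.append("no upper-case letter")
    return problems

def audit(export_text):
    """Return (reused, weak): sites sharing a password, and per-site violations."""
    by_digest = defaultdict(list)
    weak = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        # Group by an in-memory digest so the report never echoes a password.
        digest = hashlib.sha256(row["password"].encode("utf-8")).hexdigest()
        by_digest[digest].append(row["site"])
        problems = policy_violations(row["password"])
        if problems:
            weak[row["site"]] = problems
    reused = sorted(sorted(s) for s in by_digest.values() if len(s) > 1)
    return reused, weak

if __name__ == "__main__":
    reused, weak = audit(SAMPLE_EXPORT)
    for sites in reused:
        print("same password used on:", ", ".join(sites))
    for site, problems in weak.items():
        print(f"{site}: {'; '.join(problems)}")
```

In the sample, the password shared by the streaming and banking accounts passes every complexity rule and is flagged only for reuse, which is why reuse has to be checked separately from strength.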
Use Multi-Factor Authentication (MFA)
Those few extra seconds it takes for you to receive a code via text message and input it to complete a login can stop virtually all compromised account incidents.
According to Microsoft, enabling MFA has been shown to stop 99.9% of fraudulent account sign-in attempts.
Use a Password Manager
Why do people reuse passwords? Because they have so many that they can’t possibly remember them all.
A password manager stores passwords securely and the user only has to remember one strong password to access all the others.
Additionally, a business password manager account can keep companies from being locked out of their accounts after an employee leaves the company.
Get Help Ensuring Your Login Credentials are Protected
RCOR can help your North Carolina business with protections that safeguard your login credentials and accounts.
Contact us today to schedule a consultation. Call 919-263-5570 or contact us online.