Password Reuse Continues to Plague Consumers and Businesses

By: Cynthia Crossland, Head of Marketing at Constella Intelligence

While most individuals are aware of the dangers of password reuse, Google found that only a third of Americans use a different password for all accounts. There is a disconnect between understanding and action, and this is largely driven by convenience. The average person has between 70 and 80 passwords, according to password manager NordPass, so people are understandably frustrated or unwilling to keep track of their various login details. However, password credentials are the first, and easiest, defense against nefarious actors, so it is imperative that we all take password security more seriously and protect ourselves and, by extension, our organizations.

Let’s start with the basics and quickly review why password reuse is harmful. If you use the same or similar passwords across personal and work accounts, it only takes one breach to put all of your accounts with the same password at risk. For example, if your fitness app or movie streaming account was previously breached, these credentials are likely circulating across the deep and dark web. It is only a matter of time before cyber criminals attempt to use them with other accounts, such as your bank or insurance provider, and gain entry to more sensitive information.

Importantly, poor password hygiene with your personal and work accounts could provide an easy entry point for cyber criminals into your employer’s network. Every employee plays a role in preventing outside attacks on their organization. Several of the most notorious breaches began with a breach of a single employee’s password. According to Verizon, “81% of hacking-related breaches leveraged either stolen and/or weak passwords.” A seemingly innocuous error made by an individual can potentially cost a company millions of dollars, hefty legal fees and the trust of its customers.

Although it will not fully prevent all future cyber-attacks, strong password hygiene is a simple yet necessary step in safeguarding your personal information and reducing your chances of suffering a breach. Here are six easy ways to improve your password hygiene.

Use a unique, complex password for each account. And let’s be clear: unique does not mean changing a letter or number from account to account. In 2018, my company found that 21% of individuals surveyed use similar passwords to log into most accounts, 20% rotate 2-3 completely different passwords across accounts, 18% rotate 4-5 different passwords across accounts, and an alarming 17% use the exact same password to log into most accounts. If it’s easy for you to remember the different variations you use, it’ll be just as easy for a cyber criminal to figure out your password.

Implement multi-factor authentication, when possible. According to Microsoft, the extra layer of protection can “block over 99.9% of account compromise attacks.” With this extra barrier, threat actors will need more than just a password to breach your account. Make sure to keep your contact information up to date.

Periodically change passwords. Annual password resets are wise – a practice enforced by many companies. But remember, it’s not enough just to do the bare minimum and update one or two characters. Also, don’t wait if you believe your data is already circulating in underground markets. To render it obsolete, simply change your password right away.

Use a password manager. Password managers such as LastPass or 1Password can help generate and store complex passwords in an encrypted database, making it easy to keep track of all your various accounts.

Avoid sharing passwords. This one is self-explanatory – sharing your password with someone else opens up your network to any of their potential mistakes.

Invest in an identity theft solution provider. Identity monitoring services alert individuals when their credentials or other personally identifiable information are exposed and circulating in underground markets, and alert businesses when their employees become compromised.

Passwords aren’t going away anytime soon, so protect yourself and your enterprise – stop reusing credentials and incorporate these six easy steps to improve your password hygiene.

About the Author

Cynthia Crossland is Head of Marketing at Constella Intelligence – a cyber intelligence company that works in partnership with some of the world’s largest organizations to safeguard what matters most and defeat digital risk.
