The Risk of Re-Using Passwords
As I mentioned in my previous post, it can be easy for hackers to access a company’s important data. First they access low-privileged accounts, and then they leverage those permissions to become an admin. We discussed how Azure Multi-Factor Authentication (MFA) can stop an attacker’s intrusion, even if they compromise the identity’s passwords.
Even so, it is still important to have strong passwords, change them often, and create a new password for every new online login, because most likely you do not have MFA enabled for all of your logins.
Use unique logins
Do not use the same password for all your accounts. Why?
The answer is simple …
Hackers do not target well-protected websites first. They record your logins to websites whose protection you do not even care about, like an online movie-watching site or an online dating site. Then what do you think their next action is?
They try your password on every account linked to your email address…
My CEO recently received an email from Canada Post. They are asking users to reset their passwords for all accounts … not because of a cyber-attack or any breach on their network, but because they believe that customer information may have been compromised by the same credentials being used to access their Canada Post accounts.
Keep all your accounts safe
Your obvious question is now, “how can we memorize all these different passwords?”
I personally think that, for your personal accounts, you should try to memorize the passwords as much as possible. But there are still some safe options, like using well-known password management apps or recording them in vaults like Azure Key Vault. We will discuss these options in future blog posts.
So, although reusing passwords across multiple websites saves time and makes it easier to remember a login when you need it, it also makes it easier for thieves to access your important information.
Check if your account has been compromised over the last few years: https://haveibeenpwned.com
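To see how far a single leaked login reaches, the sketch below audits a password-manager export for reuse. It is an added example, not part of the original post; the sample entries, site names and function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

# Constructed sample of a password-manager export: (site, login email, password).
SAMPLE_VAULT = [
    ("movies.example", "alex@example.com", "Summer2019!"),
    ("dating.example", "alex@example.com", "Summer2019!"),
    ("post.example", "alex@example.com", "Summer2019!"),
    ("bank.example", "alex@example.com", "k7#Vq9!mTz2$Lp"),
    ("forum.example", "alex.work@example.com", "Summer2019!"),
]


def reuse_clusters(entries):
    """Group sites that share the same (email, password) pair.

    Passwords are compared through a keyed fingerprint (HMAC-SHA-256 with a
    random per-run key) so plaintext is not kept in the grouping structure.
    """
    key = secrets.token_bytes(32)
    groups = defaultdict(list)
    for site, email, password in entries:
        tag = hmac.new(key, password.encode("utf-8"), hashlib.sha256).hexdigest()
        groups[(email.strip().lower(), tag)].append(site)
    # Only pairs used on more than one site count as reuse.
    return [(email, sorted(sites))
            for (email, _), sites in groups.items() if len(sites) > 1]


def exposed_if_breached(entries, breached_site):
    """Other sites that accept the credentials leaked from breached_site."""
    leaked = {(e.strip().lower(), p) for s, e, p in entries if s == breached_site}
    return sorted(s for s, e, p in entries
                  if s != breached_site and (e.strip().lower(), p) in leaked)


if __name__ == "__main__":
    for email, sites in reuse_clusters(SAMPLE_VAULT):
        print(f"{email}: same password on {', '.join(sites)}")
    print("Breach of movies.example also exposes:",
          exposed_if_breached(SAMPLE_VAULT, "movies.example"))
```

Every site listed in a cluster needs its own new password; the account with a unique password stays unaffected when any other site is breached.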