Last Updated on April 24, 2019
We’re celebrating “Password Month” throughout April 2019 here on the Pivot Point Security blog. This article speaks to the risks of reusing passwords, the need for strong passwords for email accounts, and the importance of changing default passwords. This is one of several articles that cover our Top Ten Tips for stronger password security. We’ve already covered tip #10 (avoid easily guessable passwords) and tip #9 (regarding password strength) in prior posts. So let’s dive right into more password tips.
Tip #8: Don’t reuse passwords
Reusing passwords is right up there with not looking both ways before crossing the street. You’re asking for trouble and it’s only a matter of time before it strikes.
Password reuse is rampant because it’s easier than using unique passwords for all the dozens of sites you need to authenticate with. The problem is that if one of your logins is compromised, hackers can and will try that password everywhere they can think of, using a relentless, automated technique called credential stuffing.
You might not think it would matter much if your Netflix account was hacked. But if you reused that password at your banking website, hackers could be spending your money in minutes.
Depending on what account(s) are compromised and what data hackers can collect about you, they can do things like open credit accounts or take out personal loans. This is how “identity theft” can be so devastating.
Tip #7: Your email password needs to be a “strong unicorn”
Speaking of identity theft, if there’s one account you need to protect with a strong, unique password—it’s your email.
Think about all the information about all kinds of other accounts and activities that hackers could dig up by reading your email: where you bank, where you shop, your usernames for various social sites, password reset data, payment data, emails from friends and family loaded with personal tidbits, details about your schedule… They could even stop you from seeing alert emails from other sites they were able to hack into if you reused passwords.
Getting access to your email is a gateway to a cybercriminal “becoming” you. Don’t let that happen.
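To make Tips #8 and #7 concrete, here is a small reuse audit you could run over your own password-manager export. It is an added example, not code from Pivot Point Security; the entry layout, the site names and the `audit_reuse` helper are assumptions made for illustration, and every credential in it is constructed.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

# Constructed sample entries (site, username, password), shaped like a
# password-manager export. None of these values are real credentials.
SAMPLE_VAULT = [
    ("mail.example", "pat@mail.example", "Tr0ub4dor&3"),
    ("streaming.example", "pat@mail.example", "Tr0ub4dor&3"),
    ("bank.example", "pat", "Tr0ub4dor&3"),
    ("forum.example", "pat_k", "purple-staple-71"),
    ("shop.example", "pat@mail.example", "purple-staple-71"),
    ("news.example", "pat", "q9!Lm2#vXz0p"),
]

def audit_reuse(entries, email_sites=("mail.example",)):
    """Return reuse clusters, worst first; plaintext passwords never leave here."""
    key = secrets.token_bytes(32)  # per-run key: digests are useless outside this run
    clusters = defaultdict(list)
    for site, user, password in entries:
        digest = hmac.new(key, password.encode("utf-8"), hashlib.sha256).digest()
        clusters[digest].append((site, user))
    findings = []
    for accounts in clusters.values():
        sites = sorted({site for site, _ in accounts})
        if len(sites) < 2:
            continue  # unique password: nothing to report
        # Tip #7: a reused password that also opens the mailbox is the worst case,
        # because the mailbox receives resets and alerts for the other accounts.
        severity = "critical" if any(s in email_sites for s in sites) else "high"
        findings.append({"severity": severity, "sites": sites})
    # Critical clusters first, then the clusters that span the most sites.
    findings.sort(key=lambda f: (f["severity"] != "critical", -len(f["sites"])))
    return findings

if __name__ == "__main__":
    for f in audit_reuse(SAMPLE_VAULT):
        print(f"[{f['severity']}] one password shared by: {', '.join(f['sites'])}")
```

Each cluster it reports is a set of accounts that would all fall together if any one of those sites leaked its password.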
Tip #6: Change all default passwords immediately
These days practically everything electronic can connect to the Internet, from the routers for our home networks to utility smart meters, smart TVs, smart thermostats, security cameras and so on. If you can access it online, it has a default password.
If you haven’t changed the default password for a device, then any hacker can look it up and use it to take control of that device. Then they can conscript it into their botnet army to perpetrate distributed denial of service (DDoS) attacks. Or they can potentially turn the device against you. The problem is so rampant that California recently passed legislation mandating that device manufacturers equip their devices with “reasonable security features.”
Nobody wants someone they don’t know viewing their home webcam feeds or listening in on their baby monitor. So change the default password immediately for anything you connect to the Internet. Automated attack “crawlers” usually find unsecured devices within an hour or two.
Stay tuned for more password tips, coming very soon. Understanding password best practices is key to staying safe in cyberspace—and staying safe can save you a lot of pain.
If Pivot Point Security can help your business in any way with information security questions or concerns, please contact us to speak with an expert right away.
Access All Our Top 10 Password Tips:
- Share accounts, not passwords
- If you must share a password, do it securely
- Store passwords securely
- Use two-factor authentication when risk warrants it
- Ensure password resets are as secure as possible
- Change all default passwords immediately
- Your email password needs to be a “strong unicorn”
- Don’t reuse passwords
- Make passwords as strong as they need to be
- Avoid easily guessable passwords