Your Employees’ Credentials are on the DarkWeb – Now What?

Your Employees’ User Names & Passwords are Floating Around on The DarkWeb…Now What???

You must protect your assets by avoiding the most common password mistakes to protect your employee information from finding its way to the DarkWeb.

For most of us, the use of internet-based services is a huge part of our everyday lives. We bank. We shop. We stream. What’s the one thing all of these services have in common? Passwords. They all demand passwords. Coming up with new and unique passwords — and then trying to remember them all — can certainly be frustrating. You might be tempted just to use the same password for everything, but that’s mistake number one. As with any good investment portfolio, diversification is key. And as the hackers get smarter, so must you. As reported, there was a massive leak of email / password pairs on the darkweb.  The email / password pairs came from some big sites including Gmail, Facebook, Amazon, Equifax, and many others.

Chances are you could be affected. Here are some tips to help strengthen your password security.

  1. Avoid the most common and obvious passwords.

Do we really have to tell you not to use the word password as your password? Apparently we do.  Below are recently discovered compilation of leaked email/password combinations on the DarkWeb (over 1.4 billion of them) and reported on the most common passwords.

  1. Avoid the most common substitutions.

Changing password to p@ssword or passw0rd isn’t going to fool today’s cybercriminal. We don’t recommend using any common word with just a single number or symbol substitution.

  1. Don’t use common paths on your keyboard.

We’ve already covered passwords like 1235678 and qwerty, but using other keyboard paths really isn’t any better, even if they look more complex. Check out 1qazxsw2 on your keyboard. It may look more complex and random, but it’s still an identifiable path. There are actually password dictionaries on the darkweb that list out these common paths, which means a cybercriminal will always try them first.

  1. Avoid using the same password for multiple services, especially banking and credit cards.

As we said above, you’ve got to diversify so that if someone gets one of your passwords, it doesn’t compromise all the rest. Don’t forget about linked accounts, either. If you’ve used your Google or Facebook credentials to sign in to other services, then all of them will be vulnerable should a single one get hacked.

  1. Longer is better.

We’ve told you several things not to do. Now let’s talk about some things you should do. Longer passwords will be tougher to crack, especially if you mix upper- and lowercase letters and add in some numbers and symbols. Even if you just use a bunch of random words linked together — like PoloHorseFlagCanada — it for a more challenging password.

  1. Consider a password manager.

We can’t remember all our different passwords, either. That’s why a password manager is a great idea. It securely stores all of your passwords, so all you have to remember is a single master password. You can even set up a password manager to create stronger, more secure passwords.

  1. Use 2-factor authentication when it’s available.

Many online services now offer 2-factor authentication, which can prevent someone from accessing your account even if they’ve figured out your password. 2-factor authentication simply means that there’s an extra step of verification beyond just inputting your username and password. For instance, if you log in to your banking website from a new or unknown device, the bank will send you a text/email verification code before it lets you into the account. Many banks now require 2-factor authentication, while some companies like Google make it available as an option.

The bottom line is this: password security is critical, and you cannot afford to be lazy when creating passwords. A little extra effort up front can prevent a lot of headaches down the road.

For more information, click HERE to visit our Cyberlitica page.

Posted in cyber risk, DarkWeb, Phishing, Vendor Compliance
Tags: , , , ,

Leave a Reply

Your email address will not be published. Required fields are marked *

*

Visit Us On TwitterVisit Us On FacebookVisit Us On LinkedinVisit Us On Google Plus

Keep Current with What’s New in Cybersecurity

Email Address:

Name:


Cybersecurity News Daily

Provides a daily summary of what's news in Cybersecurity

Archives

Recent Tweets

Categories

Follow

Get every new post delivered to your Inbox

Join other followers: