Passwords have become ingrained in our everyday lives. We need them to access our online banking, to log into our cloud-based applications at work, and for any number of other offline or online activities.
The average business user has to keep track of 191 different passwords, so it’s no wonder that people tend to fall into the bad habit of reusing the same password across several logins, for both personal and work-related activities.
Even though they know better, 61% of people use the same or similar password for everything.
But this poor password habit can put you at serious risk if just one of the websites where you use that password is breached due to a weakness in its network security. All a hacker has to do is breach one password, and they (or their customers) have the key to the other home or work applications and websites where the person has used that same password.
When you receive a notification from a site you do business with that they’ve been breached and your password has been exposed, your risk goes deeper than just that one site if you’re not using a unique password everywhere.
If you’re one of the 23 million users of Café Press, a logo item website that many small businesses use for printing their logo on mugs and t-shirts, then you may have received a notification in early September of 2019 that your confidential data, including login, had been exposed due to a data breach on their site.
Possibly, you thought, “Well, I’ll just change my password and I should be fine.” But it can take months for a data breach to be identified, and in the case of Café Press, hackers had had their hands on everyone’s passwords since February, which meant they could have been selling those login credentials on the Dark Web for over 6 months before you knew about the breach.
Some other recent high-profile data breaches exposing customer information include:
According to the Canadian Centre for Cyber Security, once online databases of personal information such as names, addresses, financial details, and passwords are breached, it’s common for the information to end up for sale on unscrupulous websites pretty quickly.
In January of 2017, the Royal Canadian Mounted Police found and took down a site that was selling access to 3 billion personal records that had been collected from major data breaches around the world.
Why do hackers purchase passwords? To gain access to more information, such as bank accounts, credit card numbers, and more databases that contain sensitive data. They know that one password is most likely used on more than one site, which makes them even more valuable.
Often online customer databases are attached to online shopping activities, so hacking a website allows a cybercriminal to access the user database used by that website.
Hackers use both simple and sophisticated measures to gain access, the most common being phishing emails that trick users into downloading malicious scripts onto their computer and network that can allow a hacker to gain entry.
Here are some of the key ways that websites are breached, revealing user login passwords.
Access control is the system that handles logins to servers and websites. Hackers using a brute force attack can run through a number of different usernames and passwords with automated software until the right combination lets them in.
Website environments that don’t have protections against this are vulnerable to having a login cracked and their database of user data exposed.
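One such protection is throttling failed logins. The sketch below is an added example, not code from the original article: it counts recent failures per username and per source address in a sliding window and refuses further attempts once a limit is reached. The class name, thresholds and sample events are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 300      # assumed sliding window
MAX_FAILS_PER_USER = 5    # assumed limit: guesses against one account
MAX_FAILS_PER_IP = 20     # assumed limit: one source trying many accounts

class LoginThrottle:
    def __init__(self):
        self.by_user = defaultdict(deque)   # username -> failure timestamps
        self.by_ip = defaultdict(deque)     # source IP -> failure timestamps

    def _recent(self, q, now):
        # Drop failures that have aged out of the window, count the rest.
        while q and now - q[0] > WINDOW_SECONDS:
            q.popleft()
        return len(q)

    def allowed(self, user, ip, now):
        return (self._recent(self.by_user[user], now) < MAX_FAILS_PER_USER
                and self._recent(self.by_ip[ip], now) < MAX_FAILS_PER_IP)

    def record(self, user, ip, now, success):
        if success:
            self.by_user[user].clear()      # account owner got in; reset
        else:
            self.by_user[user].append(now)
            self.by_ip[ip].append(now)      # the IP counter is never reset

def replay(events):
    """Run (timestamp, user, ip, password_ok) events through the throttle."""
    throttle, decisions = LoginThrottle(), []
    for ts, user, ip, ok in events:
        if not throttle.allowed(user, ip, ts):
            decisions.append("blocked")     # password is not even checked
            continue
        throttle.record(user, ip, ts, ok)
        decisions.append("ok" if ok else "fail")
    return decisions

# Constructed sample: seven wrong guesses, then the right password from the
# same source while locked out, then the real owner after the window expires.
SAMPLE_EVENTS = [(t, "alice", "203.0.113.5", False) for t in range(7)]
SAMPLE_EVENTS += [(7, "alice", "203.0.113.5", True),
                  (400, "alice", "198.51.100.7", True)]

if __name__ == "__main__":
    print(replay(SAMPLE_EVENTS))
```

The per-address counter matters for reused passwords in particular: a list of breached logins is usually tried once against many usernames, which a per-account limit alone never sees.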
Today’s responsive websites have to use multiple third-party plugins for things like enabling a shopping cart, tracking user activity, and calculating shipping. The more plugins a site uses, the more vulnerable it is to being hacked, because any one of those plugins could have a weakness that hackers can exploit.
Just like plugins, software can also have vulnerabilities that can be exploited through the use of a malformed URL or POST headers. Software weaknesses can also go beyond just the website and extend to servers, browsers, and networks. They can also lead to criminals getting their hands on names, emails, and passwords that are kept in a website’s database.
It would be a tall order for anyone to be able to remember a unique and strong password for every single login they have to use. Here are two key ways you can strengthen your password best practices.
You’ll only need to remember a single password, and the password manager will remember the rest for you and store them all securely. This also makes it easier to regularly change passwords for more sensitive sites, because the tool will suggest strong passwords for you.
Using multi-factor authentication along with your password can significantly increase your data security because it requires a time-limited PIN, typically sent by text message, to be used as a second login factor. This keeps your accounts secure even if your password has been breached.
Is your website safeguarded against a breach of your customer database? How about your company network and endpoint devices? Haxxess Enterprise Corporation offers affordable and customized cybersecurity services for businesses in Sudbury and Northern Ontario.
Book a complimentary cybersecurity checkup with us today! You can also reach us at 705-222-TECH (8324).