window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'UA-20840989-1');

WARNING

We've detected that you're using Internet Explorer which is an old, insecure browser and incompatible with many modern features.
Our Customer Portal is not available for Internet Explorer users and we recommend using Chrome, Firefox or other modern browsers for best user experience and full functionality.

Password re-use still poses a big threat

Millions of Microsoft users have been using log-on credentials that could be known by cybercriminals. A big part of the problem has been the re-use of passwords which has made it much easier for hackers to unlock users’ accounts.

CNC

The software giant analysed a database of more than three billion leaked credentials pooled from multiple sources, including public and law enforcement data. It found that 44 million active accounts were at risk. This threat was identified between January and March 2019.

Where Microsoft found leaked credentials among its consumer customers, it forced a password reset. No additional action was required. For enterprise customers, Microsoft alerted the administrator at each organisation so that a credential reset could be enforced.

Globally, data breaches are known to have exposed a total of around 4.1 billion records in the first six months of 2019 alone, so Microsoft’s analysis only reinforces the point that there’s plenty of credential data floating about that could, possibly, be traded by cybercriminals.

Weak passwords

And while weak and obvious passwords – such as 12345678 – are still a big part of the problem, even complex passwords aren’t totally safe. They might pass Microsoft’s checks, but there’s no way of knowing if the user has re-used the password in other places.

Hackers can take a leaked password and use it in an attempt to gain access to other accounts used by an individual. It could be any access point in the user’s online activities. A password used for social media activities or gaming might very well be the same as that used for a highly sensitive database within your company.

There’s now a growing range of services being made available to help protect organisations from combatting the problem.

For instance, Microsoft now provides Azure AD Password Protection to enterprise users, and Google has also offered Chrome users an extension that detects username/password combinations that have been compromised due to breaches.

The IT industry as a whole is urging everyone to use multi-factor authentication .

Gary Jowett, from Computer & Network Consultants in Brighton, said: “Using a username and single password is generally being phased out as it’s inherently unsafe. Multi-factor authentication is currently the safest way to minimise security breaches. It’s now made much more convenient with most people possessing a mobile device for receiving verification codes to match up with other credentials. But this shouldn’t be a cause for complacency. Your employees still need to keep on updating their log-on credentials and making sure they don’t share this information with other people. And your company’s security still needs to be regularly reviewed and updated because cybercriminals will, inevitably, find new ways to break into your network.”

Newsletter Archives

By |2020-08-18T17:17:00+01:0018th August 2020|Tech News|Comments Off on Password re-use still poses a big threat

About the Author:

We use cookies to ensure that we give you the best experience on our website. We also use cookies to ensure we show you advertising that is relevant to you. If you continue without changing your settings, we'll assume that you are happy to receive all cookies on the CNC website. However, if you'd like to find out more please visit our Legal and Privacy policy page. Accept