
Password Reuse: Understand the Risks of This Practice

Password reuse is one of the main reasons why passwords have been questioned as an effective measure to guarantee protection against intrusion into accounts and systems. 

This practice is extremely risky because it gives a malicious agent access to numerous accounts with a single string of characters, allowing them to steal confidential and valuable data and to extort an ordinary user.

This type of problem can be especially devastating for organizations, which deal with a variety of information every day and can face legal proceedings if they do not comply with legislation such as the LGPD, which determines how the personal data of their customers, employees, and suppliers should be handled.

 

Check out some alarming statistics on password reuse:

  • According to a survey carried out by Google, at least 65% of people have the habit of using the same password for different services;
  • According to information provided by Microsoft, 44 million accounts are vulnerable to hacking due to theft and compromise of passwords;
  • 76% of millennials put their accounts at risk through password reuse, according to Security.org;
  • The Verizon Data Breach Investigations Report points out that password reuse is the reason behind 81% of hacking attacks.

In this article, we show you what you need to know about password reuse. Our content covers the following topics:

  • Why is the Habit of Reusing Passwords so Common?
  • Password Reuse: What is the Problem with this Practice?
  • What Are the Most Common Types of Password-Related Attacks?
  • Three Tips for Having Strong Passwords and Managing Them Securely
  • Multifactor Authentication and Two-Step Verification: How Important Are They?

Read it until the end!

Why is the Habit of Reusing Passwords so Common?

Every day, people connect to different websites, services, and social media that require passwords to access them. The main problem is that it is difficult to memorize dozens of passwords, especially complex ones, which are the most suitable for guaranteeing the cybersecurity of people and organizations.

Thus, it is common for people to use the same password on all their accounts, or to make small changes to differentiate the codes to be used.

But don’t worry: in the next topics, we will bring solutions to this problem, such as password managers and multifactor authentication. 

Password Reuse: What is the Problem with this Practice?

Password reuse is a risky practice for many reasons. Here are some problems caused by this habit: 

  • Multiple Accounts Can Be Compromised

Reusing passwords makes it possible for a malicious agent who hacks into one account to gain access to others belonging to the same user. And the more a password is reused, the greater the risk of having the credentials breached.

In 2021, Facebook suffered a hack, which affected about 20% of its accounts, leaking data from 533 million people. This means that if your bank password is the same one you use on this social network, for example, it will also become vulnerable.

  • It Puts Corporate Accounts at Risk

When an employee has no real sense of how much a cyber-invasion can harm the company they work for and how password reuse is associated with it, the organization is at serious risk.

This is because in addition to stealing personal data from this professional, malicious agents are able to gain access to the company’s accounts, causing great inconvenience, losses, and compromising business continuity.

For this reason, we always recommend that organizations promote cyber awareness among their employees and train them to deal with threats. One of the mandatory subjects in this training is precisely the risks involved in password reuse.

Accounts become more vulnerable to brute force attacks and password cracking, and the more credentials a malicious actor has access to, the greater their power when it comes to brute force techniques.

And with more and more people trying to protect their accounts with weak and repeated passwords, it has become easier for hackers to gain access through brute force.

Also, with each intrusion, they expand their database, as they increasingly identify complex passwords they can use in future attacks.
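The following example is added here and is not part of the original article: a defender-side check, run when a user sets a password, that rejects candidates built from an already-leaked password with the kind of small changes described earlier. The breached list, the substitution table, and the function names are constructed for illustration.

```python
from __future__ import annotations

import hashlib
import re

# Constructed sample: SHA-1 digests of passwords seen in earlier breaches.
# A real deployment would load a breached-password corpus here instead.
# SHA-1 is used only as a lookup key, never to store user passwords.
BREACHED_SHA1 = {
    hashlib.sha1(p.encode()).hexdigest()
    for p in ("sunshine", "football", "winter")
}

# Common character substitutions users apply to "differentiate" a password.
LEET = str.maketrans("@4310$5!7", "aaeiossit")


def base_forms(password: str) -> set[str]:
    """Return the password plus the root words left after undoing small changes."""
    lowered = password.lower()
    forms = {password, lowered}
    # Undo prepended/appended counters, years and punctuation:
    # "Winter2024!" -> "winter"
    forms.add(re.sub(r"^[\d\W_]+|[\d\W_]+$", "", lowered))
    # Undo character substitutions: "f00tb@ll" -> "football"
    forms.update(f.translate(LEET) for f in list(forms))
    return {f for f in forms if f}


def screen_password(candidate: str) -> str | None:
    """Return the breached root the candidate is built on, or None if it passes."""
    for form in sorted(base_forms(candidate), key=len):
        if hashlib.sha1(form.encode()).hexdigest() in BREACHED_SHA1:
            return form
    return None


if __name__ == "__main__":
    for pw in ("Winter2024!", "F00tb@ll#1", "correct-horse-battery-staple"):
        root = screen_password(pw)
        verdict = f"rejected (variant of leaked '{root}')" if root else "accepted"
        print(f"{pw!r}: {verdict}")
```

A candidate that passes this check is not necessarily strong; the check only catches reuse of known-leaked roots.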

  • The Consequences of Phishing Attacks Are More Severe

Phishing attacks are a means used by hackers to gain access to people’s data. Generally, it works like this: attackers send an alert pretending to be a trusted institution, and asking for important information, such as credit card details, full name, date of birth, and passwords. 

This message can come in several ways, including an email in which the user is instructed to access a fake website and enter the requested information. 

The victim can be instructed to update their data with the explanation that the account was accessed through a suspicious login, and follows the guidelines because they trust the institution associated with the message received.

Therefore, it is possible to say that password reuse can aggravate the consequences of phishing attacks, since the user will have more accounts exposed. 

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Senhasegura
Senhasegura strives to ensure the sovereignty of companies over actions and privileged information. To this end, we work against data theft through traceability of administrator actions on networks, servers, databases and a multitude of devices. In addition, we pursue compliance with auditing requirements and the most demanding standards, including PCI DSS, Sarbanes-Oxley, ISO 27001 and HIPAA.

Three Essential Steps for Mac Patching

When it comes to the productivity of employees, few things are as valuable as each user selecting the tools that work best for them. For IT, this means creating an environment that helps employees select their preferred OS platform. When given the opportunity, many users will choose the Mac operating system. 

To integrate Mac properly into the enterprise network, IT professionals need the knowledge to ensure smooth implementation, ongoing support and an effective Mac patching process. Mac is not always difficult to manage, but the procedures for securing, patching and updating are not the same as with other operating systems.

Consequently, IT administrators do not always have a concrete knowledge of how to apply the same patch deployment processes to Mac. Therefore, to help make your Mac deployment as easy as possible, we are sharing three essential steps for Mac patching.

1. Understanding How Apple Provisioning Works 

While provisioning a Mac is not really complex, the process is different from the traditional imaging method. More importantly, Apple provisioning is done through the Device Enrollment Program, which runs in the cloud and can be accessed through the Apple Business Manager Application. 

After registering device serial numbers in the device enrollment program (DEP), IT will register the devices in a mobile device management (MDM) tool. The tool helps IT to set up group policy objects (GPO). This includes settings for the configuration of users based on their designated user group. 

Additionally, it shows the applications that users should see on their desktop and their security access settings. Most times, this procedure looks strange to IT administrators who have only worked in Windows environments. 

The most essential part of the Mac patching process is that the MDM installs the settings and applications on the devices through the Apple cloud. Therefore, end users can start working without IT professionals ever having to physically touch their Mac during the provisioning process.

2. Deliver Updates to Mac Efficiently

The procedure for applying OS updates and security patches for Mac is simplified with a free service from Apple which is called MacOS updates. For Mac, it’s ideal to test different configurations to ensure patches and updates won’t break any applications and operating systems in the environment. 

The specific services to test include the ability to log into email, utilize VPN services and access files in shared drives. It’s important to test when deploying antivirus software because it can break the operating system and cause machines to crash. 

In order to manage the process, the best tool to use is a dedicated Apple Software Update Server. However, an alternative way is to manage and test patches on Windows and Linux machines. Open-source tools such as Munki and Reposado that run on MDM platforms can act like Mac’s software update tool, which helps IT push updates to end-users the same way they would from the update server. 

3. Secure Mac with Authentication Measures

The major way to ensure Mac security is two-factor authentication. In addition to using usernames and passwords, IT professionals can request a unique code that is sent via a text message which they need to enter before getting access to the system. Alternatively, IT administrators can give users a thumb drive to plug into their devices. Without the unique code or thumb drive, users won’t be able to log in to their system.

For user identity services, Active Directory is the major tool that IT teams are familiar with. However, Macs can have performance issues when connected directly to it. In order to simplify the process, IT professionals can use tools like Apple Enterprise Connect and Jamf Connect to eliminate the need for local machines connected directly to Active Directory, while also tracking account credentials on local machines.

This method simplifies the login process for end-users while still giving IT departments the ability to implement policies that require users to change passwords every three months. The easier it is for users to get the technical support they need, the easier it will be for IT to deploy and administer Mac security updates. 

The initial step is to ensure that your Mac device users know who to contact when issues occur. This will ensure users can get the assistance they need effectively and efficiently, reducing the threats or vulnerabilities and speeding the patching process. 

Self-service applications can reduce support desk phone calls and tickets. This is due to users having access to already approved and safe applications whenever they need them. Furthermore, the ability to run maintenance tasks to fix minor issues will also help users feel empowered and ensure little issues get fixed immediately, instead of waiting in the IT queue. 

Are You Ready for Mac Best Practices? 

For IT administrators, especially those without previous experience, initial deployment may seem complex, but with the above Mac patching practices and the business tools offered by Apple, your users can be up and running immediately. 

Vicarius is a vulnerability remediation tool that targets cybersecurity officers as well as IT managers and operators from the U.S. market. Our products and services are personalized to your unique business and always incorporate Mac best practices.



About vRx
vRx is a consolidated vulnerability management platform that protects assets in real time. Its rich, integrated features efficiently pinpoint and remediate the largest risks to your cyber infrastructure. Resolve the most pressing threats with efficient automation features and precise contextual analysis.