
Password Reuse: Understand the Risks of This Practice

Password reuse is one of the main reasons why passwords have been questioned as an effective measure to guarantee protection against intrusion into accounts and systems. 

This practice is extremely risky because it gives a malicious agent access to numerous accounts with a single string of characters, allowing them to steal confidential and valuable data and to extort an ordinary user.

This type of problem can be especially devastating for organizations, which handle a variety of information every day and may face legal proceedings if they do not comply with legislation such as the LGPD, which determines how the personal data of their customers, employees, and suppliers should be handled.

 

Check out some alarming statistics on password reuse:

  • According to a survey carried out by Google, at least 65% of people have the habit of using the same password for different services;
  • According to information provided by Microsoft, 44 million accounts are vulnerable to hacking due to theft and compromise of passwords;
  • 76% of millennials put their accounts at risk through password reuse, according to Security.org;
  • The Verizon Data Breach Investigations Report points out that password reuse is the reason behind 81% of hacking attacks.

In this article, we show you what you need to know about password reuse. Our content covers the following topics:

  • Why is the Habit of Reusing Passwords so Common?
  • Password Reuse: What is the Problem with this Practice?
  • What Are the Most Common Types of Password-Related Attacks?
  • Three Tips for Having Strong Passwords and Managing Them Securely
  • Multifactor Authentication and Two-Step Verification: How Important Are They?

Read it until the end!

Why is the Habit of Reusing Passwords so Common?

Every day, people connect to different websites, services, and social media that require passwords to access them. The main problem is that it is difficult to memorize dozens of passwords, especially complex ones, which are the most suitable for guaranteeing the cybersecurity of people and organizations.

Thus, it is common for people to use the same password on all their accounts, or to make small changes to differentiate the codes to be used.

But don’t worry: in the next topics, we will bring solutions to this problem, such as password managers and multifactor authentication. 
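The habit described above (one password everywhere, or small changes between accounts) can be audited from a password inventory. The following is an added example, not code from the original article; the function names, the base-form heuristic, and the sample accounts are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import string
from collections import defaultdict

_STRIP = string.digits + string.punctuation

def _fingerprint(key, value):
    # Keyed hash: the report never holds plaintext or a reusable hash.
    return hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()

def _base_form(password):
    # Heuristic (assumption): a "small change" is a case change or digits/
    # symbols added at either end, e.g. Summer2021! versus summer22.
    return password.casefold().strip(_STRIP)

def audit_reuse(credentials):
    """Take (account, password) pairs; return (exact, variants) account groups."""
    key = secrets.token_bytes(32)  # per-run key, discarded afterwards
    by_exact = defaultdict(set)        # password fingerprint -> accounts
    by_base = defaultdict(set)         # base-form fingerprint -> accounts
    exact_per_base = defaultdict(set)  # base-form fingerprint -> passwords
    for account, password in credentials:
        fp = _fingerprint(key, password)
        by_exact[fp].add(account)
        base = _base_form(password)
        if len(base) >= 4:  # skip bases too short to mean anything
            bfp = _fingerprint(key, base)
            by_base[bfp].add(account)
            exact_per_base[bfp].add(fp)
    exact = sorted(sorted(g) for g in by_exact.values() if len(g) > 1)
    # A variant group needs at least two distinct passwords on one base.
    variants = sorted(sorted(g) for b, g in by_base.items()
                      if len(g) > 1 and len(exact_per_base[b]) > 1)
    return exact, variants

# Constructed sample data, not real credentials.
SAMPLE = [
    ("bank", "Summer2021!"),
    ("social", "Summer2021!"),
    ("webmail", "summer22"),
    ("corp-vpn", "k9#Lq2v!Zr8w"),
    ("forum", "Tr0ub4dor&3"),
]

if __name__ == "__main__":
    exact, variants = audit_reuse(SAMPLE)
    print("exact reuse:", exact, "| near-variants:", variants)
```

Every account in a reported group should get its own unique password, since a breach of any one of them exposes the rest.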

Password Reuse: What is the Problem with this Practice?

Password reuse is a risky practice for many reasons. Here are some problems caused by this habit: 

  • Multiple Accounts Can Be Compromised

Reusing passwords makes it possible for a malicious agent who hacks into one account to gain access to others belonging to the same user. And the more a password is reused, the greater the risk of having the credentials breached.

In 2021, Facebook suffered a hack, which affected about 20% of its accounts, leaking data from 533 million people. This means that if your bank password is the same one used on this social network, for example, it will also become vulnerable.

  • It Puts Corporate Accounts at Risk

When an employee has no real sense of how much a cyber-invasion can harm the company they work for and how password reuse is associated with it, the organization is at serious risk.

This is because, in addition to stealing personal data from this professional, malicious agents are able to gain access to the company’s accounts, causing great inconvenience and losses and compromising business continuity.

For this reason, we always recommend that organizations promote cyber awareness among their employees and train them to deal with threats. One of the mandatory subjects in this training is precisely the risks involved in password reuse.

Accounts become more vulnerable to brute force attacks and password cracking, and the more credentials a malicious actor has access to, the greater their power when it comes to brute force techniques.

And with more and more people trying to protect their accounts with weak and repeated passwords, it has become easier for hackers to gain access through brute force.

Also, with each intrusion, they expand their database, as they increasingly identify complex passwords they can use in future attacks.

  • The Consequences of Phishing Attacks Are More Severe

Phishing attacks are a means used by hackers to gain access to people’s data. Generally, it works like this: attackers send an alert pretending to be a trusted institution and asking for important information, such as credit card details, full name, date of birth, and passwords.

This message can come in several ways, including an email in which the user is instructed to access a fake website and enter the requested information. 

The victim can be instructed to update their data with the explanation that the account was accessed through a suspicious login, and follows the instructions because they trust the institution associated with the message received.

Therefore, it is possible to say that password reuse can aggravate the consequences of phishing attacks, since the user will have more accounts exposed. 

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, points of sale, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum that includes Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Senhasegura
Senhasegura strives to ensure the sovereignty of companies over actions and privileged information. To this end, we work against data theft through traceability of administrator actions on networks, servers, databases and a multitude of devices. In addition, we pursue compliance with auditing requirements and the most demanding standards, including PCI DSS, Sarbanes-Oxley, ISO 27001 and HIPAA.