Let’s talk about password hygiene.
As you may have seen in the news, the “Mother of all Breaches” (MOAB) credential database was discovered on an unsecured Elasticsearch cluster in the cloud. This was the largest leak of sensitive login data in history, compiling 26 billion records from 3,800 separate breaches spanning a broad range of services used by consumers and businesses alike. It contained an astonishing 12 TB of data. The services involved ranged from X (formerly Twitter) to LinkedIn to Adobe.
To be clear, this isn’t a new breach of a single company or entity; rather, it’s a compilation of thousands of breaches assembled in one place and easily searchable by anyone. New cyber fraud attempts are anticipated, because it is now possible to connect a user’s data across many separate breaches.
How do breaches happen?
Breaches can happen on many levels of the cyberworld. Social media is a playground for cybercriminals. They can easily look up who you are, where you work or go to school, when your birthday is, and so on. Any piece of information may be the key they need to link other information together.
As I wrote in my previous article, certain defensive tactics like MFA (Multi-Factor Authentication) are only as effective as the user allows them to be, so it is essential to have as many layers of security as possible. Having good password hygiene is a small but very high-impact way of keeping your network and the cloud protected. It is a simple process that adds a lot of value for the time invested. Any form of protection for sensitive information is valuable, especially when it concerns your clients, coworkers, and families.
Methods that cybercriminals use may include:
Spear phishing: This method uses emails that look authentic and seem to come from within the company where the employee works. They usually contain malware that opens up vulnerabilities in a company’s systems and network.
Social engineering: This method is used across third-party platforms to gain personal information, such as passwords. If criminals obtain your passwords along with personal information such as your place of employment, they can potentially reuse those passwords there. That is another reason not to reuse any of your work passwords or emails for personal purposes or across third-party sites. Keep home at home and work at work.
Tips for good password hygiene
Your first line of defense against hackers and bad actors is maintaining good password hygiene with any third-party sites you use. A few quick and easy things to keep in mind when looking to improve your password strategy are:
Do NOT use your corporate email address to authenticate to personal sites and services.
- Use a personal email address instead.
- Corporate email accounts should only be used for corporate business purposes.
Always use a password manager, such as PasswordSafe, for website authentication.
- Use it to generate a complex password so you don’t have to remember it.
- Enable MFA if possible.
- Change the password if you ever think it has been compromised.
Do NOT reuse the same password across third-party sites.
- For instance, do not reuse your Netflix password on your Instagram account.
- If you have reused passwords, change them immediately.
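The tips above can be checked mechanically. The following added example (not part of the original article) audits a password manager's CSV export for passwords reused across sites and for a corporate email address used on non-work sites. The column names, the `creditunion.example` domain, the work-site list and the sample rows are all assumptions constructed for illustration.

```python
import csv
import hashlib
import io
from collections import defaultdict

# Constructed sample export (site, username, password); every value is made up.
SAMPLE_EXPORT = """site,username,password
netflix.com,pat@mail.example,Sunny-Harbor-42
instagram.com,pat@mail.example,Sunny-Harbor-42
linkedin.com,pat@creditunion.example,q7#Lm2!vXz9pRw
portal.creditunion.example,pat@creditunion.example,fN4$kd8@Zs1yQe
"""

CORPORATE_DOMAIN = "creditunion.example"     # assumed employer mail domain
WORK_SITES = {"portal.creditunion.example"}  # assumed list of sanctioned work sites


def audit(export_csv, corporate_domain=CORPORATE_DOMAIN, work_sites=WORK_SITES):
    """Return sites that share a password and personal sites tied to work email."""
    sites_by_fingerprint = defaultdict(list)
    corporate_on_personal = []
    for row in csv.DictReader(io.StringIO(export_csv)):
        site = row["site"].strip().lower()
        user = row["username"].strip().lower()
        # Group by SHA-256 fingerprint so the report never carries a plaintext password.
        fingerprint = hashlib.sha256(row["password"].encode("utf-8")).hexdigest()
        sites_by_fingerprint[fingerprint].append(site)
        # A corporate address on anything outside the work-site list breaks the first tip.
        if user.endswith("@" + corporate_domain) and site not in work_sites:
            corporate_on_personal.append(site)
    # Any fingerprint seen on more than one site is a reused password.
    reused = sorted(sorted(s) for s in sites_by_fingerprint.values() if len(s) > 1)
    return {"reused": reused, "corporate_on_personal": sorted(corporate_on_personal)}


if __name__ == "__main__":
    report = audit(SAMPLE_EXPORT)
    for group in report["reused"]:
        print("Same password on:", ", ".join(group))
    for site in report["corporate_on_personal"]:
        print("Corporate email used on personal site:", site)
```

A real export file holds every password in plaintext, so run the audit locally and delete the export as soon as it finishes.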
Don’t make a hacker’s job easy
Good password hygiene is a vital part of keeping your credit union’s sensitive information safe. Given the never-ending efforts of hackers, bad actors, and cybercriminals, keeping these tips in mind when setting your passwords is one of the many steps you can take to be better protected.