This means most of us get lazy and use the same password over and over. After all, what’s the likelihood of someone trying to take your password?
As it turns out, there’s a good chance they already have. Building on numerous data breaches from major companies, a website called ‘Have I been pwned’ has set up a search that lets you check if your email login and password may already have been compromised in a breach. And it’s serious enough that the UK and Australian governments are using it to monitor their domains. And the results are shocking.
A practical example
Taking five Akita staff, we found that each of their personal (not work) email addresses had been involved in data breaches, meaning that their login details had been stolen by cyber criminals. And not just from one company. The five email addresses had been involved in an average of four company data breaches each, with one user’s email involved in a whopping 11 separate company data breaches. That means 11 passwords for 11 different sites are now in the hands of cyber criminals – certainly more passwords than the average person has.
To understand the gravity of password breaches, you only need to look at your phone and consider who it could be used to contact. Akita has seen a recent example of how one compromised mobile phone allowed malicious content to be sent to the user’s entire work contact list, in turn spreading malicious content further. A cyber criminal who already has your login and password details could easily do something similar or worse (see our previous blog on phishing for more).
Tips on password security
There’s not a huge amount that can be done if your password is taken as part of a company data breach, other than to ensure you’re changing it regularly. But there are some useful suggestions for creating multiple memorable passwords that are difficult to hack:
- Use lines from a favourite film or book
- Use words from foreign languages, or even the phonetic spelling of such words
- For highly secure systems use ALT key special characters – not # or @, but Æ or Ø (find ALT key commands here)
For more information please call 01732 762 675 or email firstname.lastname@example.org.