Account breaches using stolen usernames and passwords are always on social media and in the news, and changing a much-used password can be annoying. Unfortunately, it’s a necessary part of good security practice. The rise of online scams and the frequency of data breaches mean that perhaps it’s time to swap “welcome123” for something a little better.
A 2020 Verizon report suggests that over 80% of data breaches involved brute force or the use of lost or stolen credentials. Changing passwords can be a significant task for some. A recent survey found that 8 out of 10 respondents said that password management is difficult because of the sheer number of accounts they have, the number of passwords to remember, and the difficulty of remembering them all.
A brute force attack involves trying every possible combination of characters until the correct password is discovered.
One thing is certain, though: passwords are here to stay for the time being. We will use them today, tomorrow, and for the foreseeable future. Other technologies like fingerprinting, facial recognition, and secure USBs are in use, but they are not freely available, nor are they as easy to implement or as simple to use as passwords.
What can I do if my username and password are stolen?
There are several ways passwords are stolen: phishing emails, brute force, and data breaches.
- The first thing you need to do is change your password for the account.
- Cybercriminals may have gotten access to your email account and used it to reset your password. Good security practice is to reset the password for the email account associated with the account too.
- Check your account activity and see what the cybercriminals accessed, updated, posted, or changed.
- Check your settings to see if your secret questions have been changed.
- Check your profile data to see if your details have been changed.
What can I do to keep my username and password safe?
Here are a few ways to keep your passwords safe.
Use a password manager
CERT NZ advocates the use of a password manager to keep your passwords safe. A password manager is an easy-to-access, secure vault for all your passwords. It allows you to use long and complex passwords, without the need to remember them all. Your password manager can be added to your browser so your passwords are always only a few clicks away.
You have one password, your master password, and it’s the only one you need to remember. Always apply multifactor authentication to the master password, because you need to make sure only you can access it.
Use unique passwords
You may be tempted to keep using the same password across accounts, but that can lead to many account breaches once your username and password are stolen. If you use a password manager, it can generate a very long and secure password that’s unique to each site. It’s a good idea to use this function.
Do a quick password check online
Go to Have I Been Pwned and do a search on your username or password. This password breach service was created in 2013 and stores data of over 9 billion stolen credentials. This is a simple and effective way to identify data breaches that involved your stolen username and password.
The nature of the modern workplace means that employees are potential targets and access sensitive data from everywhere. Kaspersky suggests that 73% of workers haven’t received any cybersecurity awareness training from their employer since working from home.
What can I do to protect my business?
Businesses are targeted through people – using phishing, malware and online scams. Enable your business to become cyber smart by equipping your staff with practical, ongoing and relevant knowledge, tools and ideas through a robust security awareness programme.