In the News
Passwords hold the key to accounts filled with personal information, and password leaking threatens the security of all user account information. In Plaintext Password Problem for Some GitHub Users, Kacy Zurkus describes a leak of unencrypted, personal passwords by GitHub through a flaw in their internal system. Zurkus explains that although the passwords were not released to a large audience, the situation startled users and emphasized the importance of password “cyber-hygiene”.
Our Take
Even a company with good security practice can fall victim to a targeted social engineering campaign or a zero day vulnerability. The good guys have to succeed 100% of the time to prevent a breach: the bad guys only have to succeed once.
Recommendations
So how can you minimize the damage done by a password security breach at a company?
- Create strong passwords and change your passwords frequently
- Use different passwords for different accounts to prevent accidentally providing access to multiple accounts if one password is compromised
- Use multifactor authentication to prevent attackers from using compromised credentials