It reduces the number of passwords you need to remember to just one, and you can make that master password fairly complex. ![]() That is why we recommend using a password manager. How to securely store your passwordsĪ notepad is not much better than a sticky note you never know when it might get photographed. These photos and videos might also contain sensitive data. In addition to that, many companies now photograph their office activities and post them in their official channels, just to highlight how human their brands are. Even if you don’t do that, if you have a selfie enthusiast in your open plan office, then your coworkers, their screens, their cacti, and their passwords might end up in the pictures. The abundance of digital platforms and social networks where you can post a photo or video has led to people constantly taking pictures of themselves, showing off a new hairstyle, T-shirt, or location. These days, however, selfies add another dimension to the threat. ![]() Now, normally, we emphasize the threat of casual visitors or coworkers finding your passwords. You guessed it: We are back to discussing sticky notes with passwords. Using one password is risky, and your memory’s capacity is limited, so you will obviously need a way to keep your passwords safe and retrievable. Plenty of services on the Web can help them with that we explain in “ How cybercriminals harvest information for spear phishing.” Why writing passwords on sticky notes is a bad idea If the hacker notices that an employee uses the same password for all services, or identifies the pattern used for varying the passwords, then learning with what other services the victim is registered takes just a simple look-up. That means by picking a target - that is, obtaining its e-mail address, which doubles as the login in most cases - a cybercriminal can find out other passwords that are associated with that address and have been leaked. That means cybercriminals with access to this kind of information (not only from open sources, but also from hacker message boards on the darknet) are likely to have significantly larger collections. The service uses only publicly available databases of leaked accounts. At the time of this writing, the number of accounts in the website’s databases is getting close to 10 million. Have you ever heard of the Have I been pwned project, which checks for login credentials in breaches? You can use it to find out if your password has been leaked. It has not lost its relevance with time – in fact, if anything, it’s gotten even more acute. The advice not to use the same password everywhere is not new. What is wrong with using one password for all services And though it is tempting to use one password or variations on one password, there is no situation in which you ever should. Essentially, a modern company may have quite a lot of credentials for various services and cloud applications, and the smaller the business is, the more accounts a single person may have to manage. Some work with graphics, some with accounting records. Some work with advertising, which means they need access to social media ad-management tools. Some employees need access to website administration tools and corporate social media accounts, of which there is usually more than one. These days, each team member needs access to corporate e-mail, an instant messaging program, and a project management system - at the least. ![]() That is simply because all of these services require a password to log in, thus increasing the total number of passwords any given employee needs. Namely, in addition to the risks that are largely specific to collaboration tools, they also increase an older, well-known risk: credential leaks. Along with their clear benefits, online collaboration tools also carry well-documented risks.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |