A study recently released in the UK indicates a surprising prevalence of password reuse. A group of anonymous hackers released password data stolen from the websites Gawker and Rootkit, and many members turned out to have used the same password for both sites. By comparing this data, Joseph Bonneau, a researcher at the University of Cambridge, was able to approximate just how many users picked the same passwords for both sites.
Between the two sets of data from Gawker and Rootkit, Bonneau found an overlap of 456 legitimate e-mail addresses. The passwords were originally encrypted, but using a rainbow table, he was able to decode the majority of them. After conducting an analysis, Bonneau found that 43% of the users he was able to match across both sites had used the same password for their login credentials. An additional 6% chose to alter their passwords by changing capitalization or adding a small suffix (e.g. “hello” to “HEllo” or “password” to “password1”).
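The categories described above (identical, changed capitalization, small suffix) can be turned into a check that a password-change form runs before accepting a new password. The following is an added example, not code from the study or from this article; the function names and the four-character limit for a "small" addition are assumptions, and the sample pairs are constructed.

```python
MAX_AFFIX = 4  # assumption: what counts as a "small" suffix or prefix


def classify(old: str, new: str, max_affix: int = MAX_AFFIX) -> str:
    """Return 'identical', 'case_variant', 'affix_variant' or 'different'."""
    if new == old:
        return "identical"
    o, n = old.casefold(), new.casefold()
    if o == n:
        return "case_variant"          # "hello" -> "HEllo"
    # Compare case-insensitively so "password" -> "Password1" is still caught.
    shorter, longer = sorted((o, n), key=len)
    extra = len(longer) - len(shorter)
    if shorter and 0 < extra <= max_affix and (
        longer.startswith(shorter) or longer.endswith(shorter)
    ):
        return "affix_variant"         # "password" -> "password1"
    return "different"


def acceptable_change(old: str, new: str) -> bool:
    """Policy hook: only a genuinely different password passes."""
    return classify(old, new) == "different"


def reuse_summary(pairs):
    """Tally categories over (old, new) pairs, as percentages of the total."""
    counts = {}
    for old, new in pairs:
        label = classify(old, new)
        counts[label] = counts.get(label, 0) + 1
    total = len(pairs)
    return {k: round(100 * v / total, 1) for k, v in counts.items()} if total else {}


# Constructed sample pairs, not data from the study.
SAMPLE = [
    ("hello", "hello"),
    ("hello", "HEllo"),
    ("password", "password1"),
    ("password", "Password2024"),
    ("correct horse", "battery staple"),
]

if __name__ == "__main__":
    for old, new in SAMPLE:
        print(f"{old!r} -> {new!r}: {classify(old, new)}")
    print(reuse_summary(SAMPLE))
```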
Password reuse poses a serious threat to businesses because a hacker only has to crack one of your login passwords to gain access to the others. Further exacerbating this problem is the requirement by many websites for users to log in with e-mail addresses, meaning that not only is the password the same, but so is the username! This is a hacker’s delight and makes his or her job much easier. Because of this potential risk, you should always and regularly back up your data.
There are ways to avoid the headaches associated with your password being hacked. For starters, you could:
- Try to use a different username for every website. If a site requires your e-mail address as a login, inform the webmaster that this is a security concern.
- Use a different password for every site you visit. It can seem impossible to remember all of those passwords, but some helpful tips are:
  - Establishing a mnemonic device
  - Visualizing each password in your head
  - Not picking nonsensical phrases like “h4@gh14%”
- If memory is not your thing, you can always write all of your passwords down.
With technology evolving every day, hackers are finding it increasingly easy to overcome security systems. There’s no reason why any of us should be making it easier for them.
Think by Blytheco, LLC has teamed up with several experts in the business continuity industry to develop a blog miniseries about the importance of backing up data and enhancing your business’s continuity plans (BCPs) and disaster recovery procedures. The series, titled ‘Back it Up’, is meant to connect you with the information and resources you need before data loss occurs.