Regular readers of Hot for Security understand the pitfalls of reusing passwords in multiple places.
If you use the same password in more than one place, the risk is that the password will be breached by hackers in one location and then used against you elsewhere.
For example, in 2012, it became apparent that the passwords for almost 6.5 million LinkedIn passwords had been stolen from the business networking site and posted online.
(That would have been bad enough, but four years later it was revealed that the breach was much worse than previously thought - and had actually exposed over 100 million LinkedIn users' passwords).
Following the breach, hackers tried to crowbar their way into users' other accounts by using the passwords that had been used on LinkedIn. Infamously, one high profile victim was a fellow you may have heard of called Mark Zuckerberg - who had made the elementary mistake of using the same password for his Twitter, Instagram, and Pinterest accounts as his LinkedIn profile.
That password? The hardly complex "dadada".
The security-savvy amongst us know that reusing the same password is probably a graver error than choosing an easy-to-guess password or one that is simple to crack.
But if Facebook's founder and CEO can make such a dumb mistake when it comes to his password security, it's perhaps no surprise that many of the rest of us do too.
New research released by My1Login suggests that not many people have learnt the lesson of not reusing passwords in the years since the LinkedIn breach.
According to a survey conducted by the firm, nearly two thirds (62%) of employees passwords between business and personal accounts. The problem is particularly bad in the healthcare and education sectors, where the survey found particularly high rates of password reuse, at 94% and 91% of employees respectively.
You're probably imagining that all people need is a little training in password security to fix this problem. Well, think again.
85% of employees who have received security training in the workplace continue to reuse their passwords. Even 78% of those employees who said they had received 'a lot' of cybersecurity training were found to still reuse their passwords.
In short, workers may know what a strong password should like, and even that they shouldn't reuse their passwords, but it doesn't mean that they are actually obeying the rules.
And that puts everyone - businesses and personal users - at risk, in the office and at home.
If you're a regular reader of Hot for Security, I like to think that you already understand the common mistakes that the public makes when it comes to password security, and how a decent password manager and multi-factor authentication can help users following best practice and harden their accounts from attack.
Maybe you can do your bit to ensure that your friends, family, and work colleagues realise that these rules are not just made up for fun but can actually make a massive difference as to whether your accounts - at home and in the office - get hacked or not.
tags
Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s.
View all postsNovember 14, 2024
September 06, 2024