BR +55 11 3069 3925 | USA +1 469 620 7643

Password Reuse: Understand the Risks of this Practice

by | Mar 7, 2022 | BLOG

Password reuse is one of the main reasons why passwords have been questioned as an effective measure to guarantee protection against intrusion into accounts and systems. 

This practice is extremely risky as it allows a malicious agent to have access to numerous accounts with a single string of characters, being able to steal confidential and valuable data, in addition to extorting a common user.

This type of problem can be especially devastating for organizations, which deal with a variety of information every day and can respond to legal proceedings if they do not comply with legislation such as the LGPD, which determines how the personal data of their customers, employees, and suppliers should be handled.

 

Check out some alarming statistics on password reuse:

  • According to a survey carried out by Google, at least 65% of people have the habit of using the same password for different services;
  • According to information provided by Microsoft, 44 million is the number of accounts vulnerable to hacking due to theft and compromise of passwords;
  • 76% of millennials put their accounts at risk through password reuse, according to Security.org;
  • The Verizon Data Breach Investigations Report points out that password reuse is the reason behind 81% of hacking attacks.

In this article, we show you what you need to know about password reuse. Our content covers the following topics:

  • Why is the Habit of Reusing Passwords so Common?
  • Password Reuse: What is the Problem with this Practice?
  • What Are the Most Common Types of Password-Related Attacks?
  • Three Tips for Having Strong Passwords and Managing Them Securely
  • Multifactor Authentication and Two-Step Verification: How Important Are They?

Read it until the end!

Why is the Habit of Reusing Passwords so Common?

People daily connect to different websites, services, and social media that require passwords to access them. The main problem is that it is difficult to memorize dozens of passwords, especially complex ones, which are the most suitable for guaranteeing the cybersecurity of people and organizations.

Thus, it is common for people to use the same password on all their accounts, or to make small changes to differentiate the codes to be used.

But don’t worry: in the next topics, we will bring solutions to this problem, such as password managers and multifactor authentication. 

Password Reuse: What is the Problem with this Practice?

Password reuse is a risky practice for many reasons. Here are some problems caused by this habit: 

  • Multiple Accounts Can Be Compromised

Reusing passwords makes it possible for a malicious agent to hack into an account to have access to others belonging to the same user. And the more a password is reused, the greater the risk of having the credentials breached.

In 2021, Facebook suffered a hack, which affected about 20% of its accounts, leaking data from 533 million people. This means that if your bank password is the same used on this social network, for example, it will also become vulnerable.

  • It Puts Corporate Accounts at Risk

When an employee has no real sense of how much a cyber-invasion can harm the company they work for and how password reuse is associated with it, the organization is at serious risk.

This is because in addition to stealing personal data from this professional, malicious agents are able to gain access to the company’s accounts, causing great inconvenience, losses, and compromising business continuity.

For this reason, we always recommend that organizations promote cyber awareness among their employees and train them to deal with threats. One of the mandatory subjects in these pieces of training is precisely the risks involved in password reuse

Accounts become more vulnerable to brute force attacks and password cracking, and the more credentials a malicious actor has access to, the greater their power when it comes to brute force techniques.

And with more and more people trying to protect their accounts with weak and repeated passwords, it has become easier for hackers to gain access through brute force.

Also, with each intrusion, they expand their database, as they increasingly identify complex passwords they can use in future attacks.

The Consequences of Phishing Attacks Are More Severe

Phishing attacks are a means used by hackers to gain access to people’s data. Generally, it works like this: attackers send an alert pretending to be a trusted institution, and asking for important information, such as credit card details, full name, date of birth, and passwords. 

This message can come in several ways, including an email in which the user is instructed to access a fake website and enter the requested information. 

The victim can be instructed to update their data with the explanation that the account would have been accessed through a suspicious login, and follow the guidelines because trusts the institution associated with the message received. 

Therefore, it is possible to say that password reuse can aggravate the consequences of phishing attacks, since the user will have more accounts exposed. 

Are you enjoying this post? Join our Newsletter!

Newsletter Blog EN

5 + 2 =

We will send newsletters and promotional emails. By entering my data, I agree to the Privacy Policy and the Terms of Use.

        What Are the Most Common Types of Password-Related Attacks?

        Cybercriminals can carry out different types of attacks, taking advantage of the vulnerability generated by password reuse. Here are the most common ones:

         Credential Stuffing: Cybercriminals use an extensive list of usernames and passwords to carry out this type of attack, testing combinations until they manage to break into a system.

        These lists can be purchased on the dark web, but they do not always contain the data of the institution targeted by hackers

         Dictionary Attacks: A dictionary attack works similarly to credential stuffing, except attackers use common emails and popular passwords like 123456 until they find a combination that works.

         Password Spraying: In this case, common logins and passwords are also tested. However, the same password can be tested for multiple email addresses, making it possible for websites not to recognize any suspicious actions.

        Three Tips for Having Strong Passwords and Managing Them Securely

        Now that you know the risks generated by password reuse, let’s share three tips for having strong passwords and managing them securely:

        Use a Password Manager

        Remembering multiple passwords is a burden for people. For this reason, we recommend using a password manager. 

        This feature makes it possible to generate secure passwords and store them. Just create an account and a strong password that should protect all others. This manager can be installed on all your devices so that you can have access to your passwords no matter where you are.

        Best of all, with a password manager remembering your password for you, it is no longer necessary to use strings of easy-to-guess numbers or letters, making it harder for cybercriminals to succeed. 

        If that still does not convince you, check out this data: according to a 2015 Dashlane survey, people maintain around 90 accounts online. However, we know it is unlikely someone would use 90 different email addresses to access their accounts. 

        This means each user has between five and ten email addresses associated with at least nine accounts. Imagine the consequences of reusing passwords with these numbers!

        Use Suggested Passwords

        Many services such as LinkedIn and Google require you to use strong passwords to access your accounts. They determine the number of characters to use and require special characters. Some suggest passwords to the user, as is the case with WordPress. Use these services to your advantage and follow the instructions on those platforms. 

         Create Unique Passwords

        If you do not use a password manager, this tip is important to protect your accounts. Create unique passwords for each service instead of reusing passwords. But make sure that the access you choose is in fact unique and not a variant of another password.

        Some extra guidelines when creating a strong and secure password are:

        • Prefer long sentences over one or two short words;
        • Add numbers and special characters;
        • Do not make use of widely known terms;
        • Phrases that you say frequently should not be used either;
        • Do not use your data that may have been mentioned in CVs, social media profiles, or surveys;
        • Never share your passwords;
        • Do not write down your passwords on papers that may be visible to others.

        Multifactor Authentication and Two-Step Verification: How Important Are They?

        In addition to password reuse, easy-to-remember passwords also impact cybersecurity. To combat the vulnerability generated by the combination of these two situations, we recommend using one of these two features: two-factor authentication (2FA) also known as two-step verification, or multifactor authentication (MFA).

        Both require the user to go through more than one step to complete their authentication and be granted access to a certain system. 

        The difference between them is that the first requires the same method to be used, more than once, such as a security code and a password, two data that the user knows. MFA, in turn, consists of a system that requires the use of at least two different identification factors to access an account. These are:

        • Knowledge factor: Something the user knows, such as passwords and codes;
        • Possession factor: Something they have access to, such as a token; and/or
        • Inheritance factor: Something related to their physical features, such as voice recognition, facial recognition, or fingerprints (biometrics).

         By reading this article, you have understood the problems that password reuse can cause and how to avoid this kind of inconvenience. Share our text with someone else who might be interested in this topic. 

         

        ALSO READ IN SENHASEGURA’S BLOG

        Why Have Attacks on Healthcare Organizations Increased?

        High Availability: Technology that Guarantees Productivity and Credibility

        ISO 27001: 4 Reasons to Implement It in Your Company

        The 14 Best Cyber Podcasts in 2022

        When it comes to cybersecurity, staying informed is one of the first steps to avoid risks such as data leaks and hacker invasion, which can generate a series of disruptions in an organization, even compromising business continuity. The good news is that there is a lot...

        How Does PAM Help Protect Remote Access?

        With the imposition of social distancing caused by the Covid-19 pandemic, most companies began to migrate to remote work, adopting solutions such as cloud computing. According to Forrester, more than 50% of IT leaders have revealed the need to adapt to this reality,...

        How to Appropriately Protect Remote Access from Cyberattacks

        The Covid-19 pandemic has brought the need for many companies to join remote work with it. The mass adoption of this modality resulted in a significant increase in cyberattacks on IT business structures through breaches in the security of remote accesses. The...

        Network Security Perimeter: Why Is This Concept Obsolete?

        For a long time, companies had data centers as their IT infrastructures, which needed to be protected from external agents.  Business-critical data was embedded in these allocations, including internal networks, client devices, Internet gateways, applications, and...

        How Has Robotic Process Automation Revolutionized Routine Execution?

        Many people fear the elimination of jobs due to the adoption of Robotic Process Automation, since robots are able to perform tasks previously performed by humans. However, we understand this technology is not able to replace all of our capabilities. We know that RPA...
        Copy link
        Powered by Social Snap