passwordFor many people, remembering a small shopping list pushes the boundaries of the adult memory, let alone memorising a unique password for EACH of their online accounts.

Using a standard password for various accounts may seem acceptable, and convenient – still, it could pose a real threat for your other accounts if a cyber-attacker breaks into one.

Online servers and unprotected databases are under constant threat and, as cybercriminals hone their skills, are suffering breaches at an alarming rate. Leaked or stolen passwords from these data breaches can pose a severe danger if users continue to reuse existing passwords.

A recent analysis by the Microsoft Threat Research team revealed that 44 million users were negligently reusing their passwords and usernames. The tech-giant had scanned their entire company’s user accounts between January 2019, and March 2019.

Executed on a database of around 3 billion leaked credentials; the scanning happened over multiple sources like public databases and law enforcement, Microsoft stated.

Password Recycling

According to Microsoft, 30% of modified or recycled passwords take just ten guesses to crack, putting these users at risk of a breach replay attack. For example, if an attacker breaks into one account, using the same information, they’ll attempt to break into your other accounts. It’s a cyber version of opportunistic house burglary – try the doors until you find the one left unlocked.

Microsoft has urged users to improve their ‘password hygiene’ with specific password security mechanisms like Multi-Factor Authentication (MFA). Microsoft announced that the use of MFA has since prevented around 99.9% of breach replay attacks.

Recently, a significant data breach left around 773 million email addresses and more than 21 million passwords unprotected and vulnerable online. According to respected security researcher Troy Hunt, a vast database, including records from more than 2,000 hacked databases, was left open to online attack.

The breached data, which Hunt entitled Collection #1, included almost 773 million unique email addresses, and 21 million unique passwords. Sized at a whopping 87 GB, the breached records also included 1,160,253,228 unique combinations of breached passwords and email addresses. Hunt stated the data breach was composed of many individual data breaches, from thousands of different sources.

If you have any questions or concerns about your password security, get in touch with our team on 01522 883636 and we’ll do all we can to assist you.