Gee, I’ve not written any Star Wars Day stories yet and here I am writing about passwords.
I can say that if I find some discounted Star Wars merch to leap on for the likely sales, then I won’t reuse a password from another site on the new site again. Am I that rare?
Well, according to National Day.com and the security experts Tenable, I am!
- 82% of workers reuse the same passwords.
- 75% of employees use their work passwords for personal stuff.
Satnam Narang, Senior Staff Research Engineer at Tenable, told Geek Native and other press:
“This World Password Day, I’m reminded of a string of articles over the last several months from retail to fast-food companies, where users of these sites found their accounts compromised as a result of credential stuffing attacks. Credential stuffing is a type of attack where cybercriminals take user login credentials obtained from data breaches on other websites and services and use the same usernames and passwords on other websites and services. More often than not, these attackers will be successful using the stolen data, because many users tend to reuse passwords across multiple websites.
“The saying ‘use a strong and unique password’ across each website stems from incidents like the ones mentioned earlier. It’s not easy to manage several hundred passwords, which is why it is important for individuals to leverage tools like Apple’s built-in keychain for saving passwords, as well as using professional password management solutions. These tools can help users generate strong and unique passwords that they don’t have to remember, and they can use browser extensions to auto-fill their credentials into the right website.
“Despite this sage advice, it’s also important to remember that breaches and phishing attacks are still common, so it’s not just about creating strong and unique passwords. Leveraging features like two-factor or multifactor authentication (2FA and MFA respectively) can help users ensure their accounts remain secure even if their passwords are exposed somehow.
“Some sites offer password-less sign-on, which leverages a second factor such as a phone, to help facilitate logging in without passwords. This isn’t as widespread of a feature across many websites, but it’s another solution to help address some of the challenges posed by passwords alone.”
If you’re curious, Tenable is one of those professional cyber security platforms and squads that have systems to detect when your systems are under attack and can do something about it.
I cannot even afford PDF editing software, so I suspect Geek Native HQ is a bit outside the Tenable price range, but perhaps some of the bigger RPG publishers or The Orr Group might be curious.