A typical user has over 30 web accounts but only 4 passwords. That means that a user shares the same password with over 7 sites. This means that even if some OTHER website is hacked, your organization's users, information security and intellectual property are at stake.
Password breaches and impact of hacks on “other sites”
Password breaches at large, well-known sites are unfortunately very common.
- On July 12, 2012, Yahoo! reported that about half a million users’ passwords were stolen and publicly posted on a hacker forum.
- On Jun 7, 2012, LinkedIn reported that over 6 million users’ credentials were leaked and posted on a Russian hacker website.
On Aug 1, 2012, Dropbox reported that many users’ accounts were compromised because the credentials were stolen from a handful of “other websites” – not from Dropbox itself. So, even though Dropbox was never hacked directly, its users and ultimately its reputation were negatively impacted.
Users can be implored and even beseeched to use different passwords for different sites. However, human nature will always intervene and short-circuit any security policies.
The best defence is to augment password security with an additional factor of security: combine what you know (the password) with what you have (a token generated on a smartphone or hardware token). This ensures that even if a password is breached (either on your site or on another site), your organization, its information systems and users are secure.
Join Celestix Networks to learn more about two-factor authentication in an informative webinar on Oct 11, 2012.