Internal threat: Password re-use and 3rd party leaks

What are the odds that someone from your organization reuses their login credentials on a third-party site?
This is a serious risk, and the larger your organization, the more likely it is that someone reuses their credentials on a site that gets breached. The site HaveIBeenPwned, where people can check if their credentials have been leaked, already has roughly half a billion password hashes available.
You can use two-factor authentication to lower the risk of these data breaches affecting your organization.
We recommend:
1) Adopt two-factor authentication to add an extra layer of security in your organization (for example, see Microsoft Authenticator or Google Authy, depending on your needs).
2) Take a look at the list of passwords on HaveIBeenPwned. If possible, verify your user base against the publicly known passwords there. If you are a website administrator, use its database to disallow these compromised passwords.
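One way to implement recommendation 2 on a website, as an added example (not code from HaveIBeenPwned or from this post): it assumes a locally downloaded Pwned Passwords file in the hash-ordered `SHA1:COUNT` line format and rejects any candidate password found in it, using a binary search so the file never has to be loaded into memory. The function names and the small sample corpus are constructed for illustration.

```python
import hashlib
import io

def sha1_hex(password: str) -> bytes:
    # The corpus stores uppercase hex SHA-1 digests of the plaintext passwords.
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper().encode()

def _line_at(corpus, offset: int) -> bytes:
    """Return the first full line that starts at or after offset (b'' at EOF)."""
    if offset > 0:
        corpus.seek(offset - 1)
        corpus.readline()  # consume the remainder of the previous line
    else:
        corpus.seek(0)
    return corpus.readline()

def pwned_count(password: str, corpus) -> int:
    """Binary-search a hash-sorted 'SHA1:COUNT' file; 0 means not listed."""
    target = sha1_hex(password)
    lo, hi = 0, corpus.seek(0, io.SEEK_END)
    while lo < hi:
        mid = (lo + hi) // 2
        line = _line_at(corpus, mid)
        if not line or line[:40] >= target:
            hi = mid          # target line starts at or before mid
        else:
            lo = mid + 1      # target line starts after mid
    digest, _, count = _line_at(corpus, lo).strip().partition(b":")
    return int(count) if digest == target else 0

def is_allowed(password: str, corpus) -> bool:
    """Policy check for sign-up and password change: reject any listed password."""
    return pwned_count(password, corpus) == 0

# Constructed sample corpus (counts are made up, not real breach counts).
# Assumption: in production, `corpus` is the downloaded file opened in "rb" mode.
SAMPLE = {"password": 5000, "123456": 9000, "qwerty": 3000, "letmein": 40, "Summer2018!": 7}
CORPUS = io.BytesIO(
    b"".join(sorted(b"%s:%d\r\n" % (sha1_hex(p), n) for p, n in SAMPLE.items()))
)

if __name__ == "__main__":
    for candidate in ("letmein", "horse-staple-battery-correct-91"):
        verdict = "allowed" if is_allowed(candidate, CORPUS) else "rejected"
        print(candidate, verdict)
```

Run the check on the plaintext at sign-up and password change, before the password is hashed for storage, since stored salted hashes cannot be compared against the SHA-1 list.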
Links:
https://www.troyhunt.com/ive-just-launched-pwned-passwords-version-2/