Internal threat: Password re-use and 3rd party leaks

takkutakku Posts: 2 F-Secure Employee
in Threat Intelligence

What are the odds that someone from your organization reuses their login credentials in a 3rd party site?

 

This is a serious risk and the larger your organization, the more likely it is that someone reuses their credentials in a site that gets breached. The site HaveIBeenPwned, where people can check if their credentials have been leaked, already has roughly half a billion password hashes available.
 
You can use two-factor authentication to lower the risk of these data breaches affecting your organization.

 

We recommend:

1) Take two-factor authentication into use to add an extra layer of security in your organization (for example, see Microsoft authenticator or Google Authy, depending on your needs).

2) Take a look at the list of passwords on HaveIBeenPwned. If possible, verify your user base against the publicly known passwords there. If you are a website administrator, use its database to disallow these compromised passwords.

 

Links:

https://www.troyhunt.com/ive-just-launched-pwned-passwords-version-2/

https://docs.microsoft.com/en-us/azure/multi-factor-authentication/end-user/microsoft-authenticator-app-how-to

https://authy.com/

 

 

Like
Sign In or Register to comment.