Internal threat: Password re-use and 3rd party leaks

takkutakku Posts: 2 F-Secure Employee

What are the odds that someone from your organization reuses their login credentials in a 3rd party site?


This is a serious risk and the larger your organization, the more likely it is that someone reuses their credentials in a site that gets breached. The site HaveIBeenPwned, where people can check if their credentials have been leaked, already has roughly half a billion password hashes available.
You can use two-factor authentication to lower the risk of these data breaches affecting your organization.


We recommend:

1) Take two-factor authentication into use to add an extra layer of security in your organization (for example, see Microsoft Authenticator or Google Authy, depending on your needs).

2) Take a look at the list of passwords on HaveIBeenPwned. If possible, verify your user base against the publicly known passwords there. If you are a website administrator, use its database to disallow these compromised passwords.
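One way to apply recommendation 2 at password-set time, shown as an added example that is not part of the original post. It assumes a local copy of the leaked-password hash list stored as text lines of the form `SHA1HEX:count`, sorted by hash; the function names and the sample data are constructed for illustration.

```python
import hashlib
import io

def sha1_hex(password: str) -> str:
    # SHA-1 is used only because the corpus is keyed by it; never store passwords this way.
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def _line_at_or_after(corpus, pos: int) -> bytes:
    """Return the first complete line starting at byte offset >= pos (b'' at EOF)."""
    if pos > 0:
        corpus.seek(pos - 1)
        corpus.readline()  # consume up to the newline that ends the previous line
    else:
        corpus.seek(0)
    return corpus.readline()

def pwned_count(password: str, corpus) -> int:
    """Binary-search a seekable, hash-sorted 'SHA1:count' file without loading it."""
    target = sha1_hex(password).encode("ascii")
    corpus.seek(0, io.SEEK_END)
    lo, hi = 0, corpus.tell()
    # Find the smallest offset whose next complete line has hash >= target.
    while lo < hi:
        mid = (lo + hi) // 2
        line = _line_at_or_after(corpus, mid)
        if not line or line[:40] >= target:
            hi = mid
        else:
            lo = mid + 1
    line = _line_at_or_after(corpus, lo).strip()
    if line[:40] == target:
        return int(line.split(b":", 1)[1])
    return 0

def is_allowed(password: str, corpus, threshold: int = 0) -> bool:
    """Reject any password seen in the corpus more than `threshold` times."""
    return pwned_count(password, corpus) <= threshold

def build_sample_corpus():
    # Constructed sample data: the counts are invented, not real breach figures.
    sample = {"password": 1000, "123456": 2000, "qwerty": 300, "letmein": 40}
    lines = sorted(f"{sha1_hex(p)}:{c}" for p, c in sample.items())
    return io.BytesIO(("\n".join(lines) + "\n").encode("ascii"))

if __name__ == "__main__":
    corpus = build_sample_corpus()
    for candidate in ("password", "Xq7-constructed-unlisted-passphrase"):
        print(candidate, "allowed" if is_allowed(candidate, corpus) else "rejected")
```

For a real deployment, open the downloaded list with `open(path, "rb")` and pass the file object as `corpus`; the lookup then costs a few dozen seeks instead of a full scan.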




