Internal threat: Password re-use and 3rd party leaks

What are the odds that someone from your organization reuses their login credentials in a 3rd party site?

 

This is a serious risk and the larger your organization, the more likely it is that someone reuses their credentials in a site that gets breached. The site HaveIBeenPwned, where people can check if their credentials have been leaked, already has roughly half a billion password hashes available.
 
You can use two-factor authentication to lower the risk of these data breaches affecting your organization.

 

We recommend:

1) Take two-factor authentication into use to add an extra layer of security in your organization (for example, see Microsoft authenticator or Google Authy, depending on your needs).

2) Take a look at the list of passwords on HaveIBeenPwned. If possible, verify your user base against the publicly known passwords there. If you are a website administrator, use its database to disallow these compromised passwords.

 

Links:

https://www.troyhunt.com/ive-just-launched-pwned-passwords-version-2/

https://docs.microsoft.com/en-us/azure/multi-factor-authentication/end-user/microsoft-authenticator-...

https://authy.com/

 

 

Pricing & Product Info

For product info and pricing please go to the F-Secure product page

Version history
Revision #:
2 of 2
Last update:
‎27-02-2018 04:39 PM
Updated by: