People reuse passwords – period

Credential targets

Phishing attacks continue to be a mainstream enterprise for grabbing credentials (passwords). The attackers continue to evolve their methods of tricking you into entering your credentials on a fake page or in response to a fake email. Attackers know we are all overwhelmed by the sheer number of passwords we have, and that we tend to reuse them across platforms. Therefore, phishing attacks are targeting your consumer accounts like Netflix, DirecTV, etc.

According to recent articles and podcast interviews with experts from companies like Okta, Barracuda Networks, AlienVault, ClearSwift and more, username/password credentials are still the #1 target. The goal of sending a fake, internal-looking email to a company executive is to gain their credentials or initiate a wire transfer.

Encumbrances

This has continued to force all of us into password requirements like these:

  • Minimum password length must be 8 characters and consist of at least 2 alpha characters, 1 number and 1 special character (but not an ampersand – &).
  • A password must have no consecutive repeated characters.
  • Passwords must not include your user name or any part thereof.
  • A password must not include the names of a spouse, children, pets or one’s own name.
  • Passwords must not include any regional sports teams or players.
  • A password must not include any office symbols.
  • A password must not include your social security number or any subset of your social security number that is more than a single number.
  • Passwords must not be any of the 11 most recently used passwords for the account.
  • Every user with an account on a (your network) system is responsible for safeguarding access to that account.
  • Certainly passwords must not ever be shared with anyone.
  • An account owner must change his or her password when prompted by the system.
  • An account owner can change his or her password at any time, but at a maximum of once per day.

As a result, we are all tired of following these rules just to be able to function in the workplace or at home on consumer services. If you are too, I highly recommend you review our solution while you review these articles for yourself.

https://www.informationsecuritybuzz.com/expert-comments/the-consequences-of-the-superdrug-data-breach/

https://www.techworld.com/security/uks-most-infamous-data-breaches-3604586/

The solution for this is to replace your standard login with Secure Login by TraitWare.