The Dangers Of Recycling Passwords

Zane Bond, Senior Director, Product Management at Keeper Security, explores…

Global Recycling Day is a moment we can all agree is much needed: a chance to celebrate the importance of being a bit more environmentally conscious and to think about what we throw away and what we can reuse. Recycling is a key part of the global economy and does a wonderful job of protecting our natural resources. Each year, the ‘seventh resource’ – recyclables – saves over 700 million tonnes in CO2 emissions, and this is projected to increase to 1 billion tons by 2030.

From a technology perspective, it’s also incredibly important to reuse. We recycle hardware, and we can even recycle disk space or data storage, freeing up and reusing what we can. It is a great way of being efficient as well as incredibly cost effective. But not all recycling is good. A huge issue we’re continuing to see in the cyber security world is the recycling and reuse of passwords.

Password reuse is one of the biggest password errors being made, and it’s a fundamental reason why businesses continue to educate people on good password hygiene.

But why do people do it?

One of the main reasons is that the cognitive load of remembering 300 different passwords is not practical, and not everyone has a vault to generate secure passwords for them. In addition, many people underestimate the dangers of a breach. As we’ve seen over the past twelve to eighteen months, everyone and every industry is a potential target.

We’ve seen everything from high street retailers to gas pipelines being breached – cyber threats are everywhere, yet we still see people not taking them seriously. Another reason is that people are often in the mindset that it’s better to have a password that is easy to remember than one that is hard to crack.

Cybercriminals know that password reuse is rampant, so whenever they get hold of a working password for one account, they attempt to use it on dozens, perhaps hundreds of different sites. Therefore, if one password gets breached, cybercriminals can use it to access all of the accounts associated with it.

This is known as credential stuffing. A cybercriminal uses one set of stolen credentials to attempt to gain access to many accounts at once, and with nearly two thirds of internet users reusing their passwords, you can see why it’s such a devastating attack. Cybercriminals enter the stolen credentials into thousands of websites over the course of a few minutes or several hours, compromising everything from social media accounts to proprietary company software and beyond.

So what can organisations do?

The first step is to use an enterprise password management (EPM) system that performs device verification checks before allowing employees to log in. If the device or IP address wasn’t previously registered with a user’s account, the login can be stopped. In addition, it’s important that a modern authentication system prevents enumeration attacks, where threat actors use automation to “iterate” through numeric or alpha-numeric sequences to determine whether an account exists.

In addition to device verification, two-factor authentication (2FA) is a good security measure. Enforcing 2FA before any attempt on the master password adds a layer of protection against brute force and credential stuffing attacks on a user’s vault, even if the device verification step is passed.

The best EPM platforms can audit and report on weak and reused passwords. Some even alert when a password has been found on the Dark Web, so that the user can replace it quickly with a new one.
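An audit of this kind runs on the client against the decrypted vault, since the server should never see plaintext passwords. The following is an added example, not Keeper Security’s audit code: it flags passwords reused across sites, applies a simple weakness rule, and checks a breach corpus the way k-anonymity range queries work (only a short hash prefix would leave the client, the suffix comparison happens locally). The vault records, the weakness thresholds and the breach corpus are constructed for illustration.

```python
"""Audit vault records for reused, weak and breached passwords.

Added example, not Keeper Security's code. The record layout, the weakness
rules and the breach corpus below are constructed assumptions.
"""
import hashlib
from collections import defaultdict

# Constructed vault contents: (site, username, password). The same password
# is used on three sites, and one entry is a well-known leaked password.
VAULT = [
    ("mail.example", "alice", "Summer2023!!"),
    ("bank.example", "alice", "Summer2023!!"),
    ("shop.example", "alice", "Summer2023!!"),
    ("vpn.example", "alice", "x7#Qp9!vLm2@Tz8w"),
    ("forum.example", "alice", "password1"),
]


def sha1_hex(password):
    """Upper-case hex SHA-1, the digest form breach corpora are published in."""
    return hashlib.sha1(password.encode()).hexdigest().upper()


# Constructed stand-in for a breach corpus: digests of a few leaked passwords.
BREACHED_SHA1 = {sha1_hex(p) for p in ("password1", "letmein", "qwerty123")}


def reused_passwords(vault):
    """Map each password that appears on more than one site to those sites."""
    sites = defaultdict(list)
    for site, _, pw in vault:
        sites[pw].append(site)
    return {pw: s for pw, s in sites.items() if len(s) > 1}


def is_weak(password, min_len=12, min_classes=3):
    """Simple rule: too short, or fewer than three character classes."""
    classes = (
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    )
    return len(password) < min_len or sum(classes) < min_classes


def breached_by_prefix(password, corpus=BREACHED_SHA1):
    """Breach check modelled on a range query: the client sends only the
    first five hex digits of the SHA-1, receives every matching suffix, and
    compares its own suffix locally so the full hash never leaves the client."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    # Simulated server side: all suffixes in the corpus under that prefix.
    candidates = {h[5:] for h in corpus if h.startswith(prefix)}
    return suffix in candidates


def audit(vault):
    """Return [(site, user, [issues])] for every record with a finding."""
    reused = reused_passwords(vault)
    findings = []
    for site, user, pw in vault:
        issues = []
        if pw in reused:
            issues.append("reused")
        if is_weak(pw):
            issues.append("weak")
        if breached_by_prefix(pw):
            issues.append("breached")
        if issues:
            findings.append((site, user, issues))
    return findings


if __name__ == "__main__":
    for site, user, issues in audit(VAULT):
        print(f"{site} ({user}): {', '.join(issues)}")
```

A "reused" finding is the one to act on first: a breach of any one of those sites exposes the others, so the fix is a distinct generated password per site rather than a stronger shared one.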

Finally, continue to educate users on good password hygiene, making sure everyone in the business understands the dangers and risks of a password breach and what it could mean, not just for them personally but for the wider business.