We will often keep an eye on current events to find practical examples to use as evidence in support of our recommended best practices, but a relatively recent Spotify hack has given us a special opportunity. We now have the opportunity to use this one story to reinforce not one, but two such practices. Let’s dive in, shall we?
Did you know that over 80 percent, eight-zero, of cyberattacks are the result of stolen access credentials? It’s no wonder that the username/password combination that we’re all used to is being actively phased out by many tech companies—including Microsoft—in favor of more secure, passwordless authentication measures.
“Open sesame!” If only the passwords that were required of us every day could be so simple, right? But no, this simply enables cybercriminals. So, for the sake of our accounts and their security, we have to use multiple, complex passwords that meet assorted best practices.
However, passwords can sometimes be too secure. As in, preventing us from accessing our resources ourselves, because we can’t remember which password we used (or what it was).
Passwords have always been important to businesses, but they are priorities for organizations in certain industries. Government-based organizations in particular need to be concerned about using secure passwords. Of course, not all businesses are government-based, but there’s a thing or two your own can learn about some of their password practices.
If you think about it, password security is an interesting phenomenon. The odds are that a user knows the importance of using a strong password, as well as the potential consequences of using weak ones. Yet, time after time, people would rather go with passwords that are easy to type and remember, as opposed to adding a few simple security measures.
Twitter is recommending that all 336 million users change their passwords as soon as possible due to the discovery of an internal security flaw. While the issue has been fixed and no data breach seems to have taken place, Twitter is clearly taking this situation seriously.
On Thursday, May 3, it came to light that there was an internal log upon which an undisclosed number of account passwords were recorded without any protection. As a result, this unknown number of passwords can no longer be considered secure, even though there is no apparent evidence that any data breach has occurred.
Twitter uses a process called hashing to protect their passwords, as many companies do. However, a bug created a log of passwords before they were hashed, leaving them fully legible. This bug has since been resolved.
In response to this situation, Twitter is being proactive and recommending that all of its users change their passwords, just in case. To do so, log in to your account in your browser, access Settings and privacy, and from there, Password. It is also a good idea to enable two-factor authentication by accessing Settings and privacy and clicking into Account. Once there, click on the “Set up login verification” button and follow the instructions. You will find yourself on a Login verification screen, where you can activate the means to generate another authentication code.
While disaster seems to be averted this time, you should not hesitate to change your password as soon as possible, and make sure that all of your online accounts have strong passwords in place. For more information about keeping your identity safe online, call the IT professionals at BEI at (844) BIZ-EDGE.
One of the best things about computers is that there is always a new way to make something easier: automation decreases a workload, their processors can calculate much faster than the human brain can, collaboration with coworkers becomes almost effortless, and your web browser can even remember your passwords! However, you have to ask yourself: is the ability to save your passwords in your browser really a great idea?