Do you reuse the same password like Mark Zuckerberg did?
Here’s a lesson from recent history that is worth bearing in mind the next time you have to set a password.
Humans are creatures of comfort. Through our everyday decision-making we actively avoid making our lives more difficult, and that’s not a bad thing… generally.
But when it comes to passwords, the intersection of complexity and comfort means that many of us err on the side of comfort, reusing the same password on multiple websites – both corporate and personal.
Unfortunately, when just one of the websites you use is compromised, the password you reuse on all the other sites is exposed as well. It’s then just a matter of time before an attacker puts the pieces of the puzzle together to compromise your company’s security.
That’s just what happened to Mark Zuckerberg in 2016. His password on LinkedIn (from 2012, mind you) was published, along with 167 million others, in a massive data dump. When thieves found it, they used it to reactivate his dormant Twitter and Pinterest accounts, much to his embarrassment. There’s a good summary of the attack on this page.
There’s speculation that the Sony Network hack from 2014 was a case of the same vulnerability being exploited. Phishing messages purporting to be from Apple were sent to staff at Sony because the hackers correctly surmised that one or more employees would reuse their Apple ID password as their corporate password. The breach cost Sony US$15m in direct costs and up to $100m in lost revenue from failing to release the film “The Interview” in theatres.
It’s just plain obvious that you should use a unique password for every site that you visit. One way to do that is to create your own method for setting a password that involves something variable and something fixed.
It’s still not a foolproof way to safeguard your online identity though, as multiple hacks involving passwords and your email address would reveal the algorithm to an interested attacker. Hackers use data analysis too and can stitch together an accurate profile from different sources.
What’s better is to talk to Computer One about password security and we’ll show you a way to manage unique passwords on every service you or your staff subscribe to, so that you don’t have to remember any. They’ll be stored in a completely secure format, and they’ll be so complex they’ll be practically uncrackable.