All my breached passwords for sale on the dark web?

Every so often, we read about data breaches at big internet players like Yahoo, Dropbox and TalkTalk. As if that isn’t scary enough, consider this for a moment: what if all these passwords, any cracked password, were aggregated and put together in one searchable location?

Sites like haveibeenpwned, which have been around for a long time, allow you to check whether your email address is listed against a site that has been hacked (I look regularly at mine!). If it is there, then you may be vulnerable. Likewise, Troy Hunt’s excellent site fleshes out this information in technicolour.

Passwords, the bottom line is this…

If you have two or three passwords you use for all your online logins, and one of your accounts has been hacked – don’t be surprised if other accounts are targeted too.

Having a company (and personal) password change policy is a really sensible thing to implement. If you haven’t thought about implementing password management software – there’s no better time than NOW to consider it.

ITGUYS, as part of our Cyber Essentials Plus certification, implemented the following:

  • All our computer passwords have to be changed every 60 days.
  • All of our passwords for online access have to be unique.
  • And every one of our passwords for online access is stored in our password management software.
  • Wherever possible, we use 2FA (two-factor authentication) for enhanced security.

Also, remember that GDPR highlights every company’s security responsibilities and that the cyber landscape is increasingly dangerous. Simply hoping you will be safe doesn’t cut it anymore!