New cybersecurity threats are continuously emerging in light of our increasingly connected world, AI, 5G, and other enterprise trends. In this ever-changing landscape, there is one constant: passwords remain the primary authentication method for accessing corporate systems and applications—and employees are notorious for utilizing pwned passwords.
The use of pwned passwords, or passwords that have been previously exposed in data breaches, significantly increases security vulnerability as cybercriminals can easily access compromised credentials via the Dark Web and utilize this information to infiltrate corporate accounts. This problem is compounded by password reuse, another prevalent example of poor employee security hygiene.
91% of respondents in a recent survey acknowledge that reusing passwords across multiple work-related and personal accounts introduces significant security vulnerabilities. Yet 59% admit to doing it anyway. They are ambivalent about the risk of pwned passwords.
The 2012 Dropbox breach, in which hackers obtained encrypted passwords for more than 68 million accounts, is an example of how devastating the effects of password reuse can be. As Dropbox put it in a blog post, “A stolen password was also used to access an employee Dropbox account containing a project document with user email addresses.”
The long-awaited Disney+ launch also exposed the risks of password reuse. An investigation found that less than 48 hours after launch, thousands of exposed Disney+ passwords and accounts were already for sale. Bad actors were able to access Disney+ accounts because so many users reused passwords from their accounts on other sites for their Disney+ accounts.
With new breach data coming to light on a daily basis, guarding against the use of pwned passwords requires constant vigilance.
As Enzoic’s CEO, Michael Greene, stated in a Channel Futures article, “I recently spoke with a company that discovered that 4% of its uncompromised credentials become compromised within one month and this happened month over month.”
The latter is the most crucial step companies can take in the fight against pwned passwords, as it essentially circumvents poor employee security practices.
To quote Michael Greene’s Channel Futures article again, “It’s unrealistic for companies to expect password reuse to change on its own, but it’s also untenable for them to continue to allow the use of exposed credentials.”
By continuously screening all corporate passwords against our proprietary database of exposed credentials, Enzoic helps companies ensure pwned passwords remain where they belong—on Dark Web lists but never in use for enterprise systems and applications.