SpyCloud analyzed 1.7 billion passwords and usernames. Roughly 65 percent of all Internet users use the same password for multiple accounts.
Security specialist SpyCloud reviewed more than 750 data breaches to collect 1.7 billion passwords and usernames. The analysis reveals that 64 percent of breached passwords were used for at least two accounts.
That’s a problem. Although you’re probably well aware of the reason, the majority of Internet users have no idea — or don’t want to know.
When creating an account for a (web) application, you’re handing your credentials over to a system. If the system’s security is lacking, your credentials may end up on the street. When using the same credentials for several accounts and apps, a single data breach puts all accounts at risk. Never put all of your eggs in one basket.
SpyCloud adds that passwords remain too simple. Characters from Netflix and Disney+ series see increasing use. Loki, Falcon and Wanda are three of the most popular picks. A cybercriminal with the right processor will crack all three passwords before the victim can say ‘stop’. Long and diverse passwords require years.
The umpteenth time
The solution is simple. First, most modern browsers have an integrated password manager. Password managers generate and automatically save complex passwords. If you don’t feel comfortable trusting Apple or Google with your keychain, opt for one of the dozens of third-party tools instead.
In addition, multifactor authentication (MFA) makes it impossible to log in through passwords, usernames or email addresses alone. MFA necessitates a physical device, which instantly unarms remote attackers.
Recently, Microsoft revealed that MFA is used by only 22 percent of all Azure Active Directory customers. At the same time, Microsoft estimates that MFA prevents virtually every login attack. While many organizations are able to implement MFA, most simply choose not to.