Avoid password reuse
Every day, cybercriminals compromise websites and post lists of user names, email addresses and passwords online. This leaves people vulnerable to attacks due to password reuse. Passwords are more vulnerable when someone uses the same ones for multiple websites or accounts.
Criminals can take advantage of reused passwords by trying users’ information on other accounts and logging in if they get a match. These login attempts can now be automated, meaning that once cybercriminals have a username (often an email address) and a password, they can run that information against standard accounts in seconds. That could include Facebook, Twitter, Google+, Instagram, eBay, Amazon, Groupon, Etsy, LinkedIn, Xbox, Netflix, credit card or bank accounts. Once they’re in, they might be able to change passwords, control accounts, and make purchases or withdrawals. The cybercriminals could also figure out where someone works and use that information to try to remotely connect to the City network, for example, through a remote email or COMET access.
To manage multiple, strong passwords:
- Use a password manager to store each unique password. Password managers are applications that securely track passwords and can be stored on a computer, smartphone or in the cloud. Most password managers can also generate complex random passwords for each account if you choose. All you need to do is remember one password — the one for the password manager. As long as that one password is really strong and complex, this approach can be easy as well as effective. Please note, you cannot currently install password manager software on your City-owned computers, but that may change in the near future. In the meantime, you can install one on a smartphone or tablet.
- Choose a password base and then add a descriptor to identify the website. For example, you could start with “Xquantity128” and then add “video%” and “nose%” to get “Xquantity128video%” as a password for YouTube and “Xquantity128nose%” for Facebook. Keep in mind that strong passwords don’t have to be hard for you to remember – just hard for others to guess.
Published Sep 8, 2015