Sites that have either leaked user passwords and/or had attempted account hacking using reused passwords include:
The worst part: Many users whose passwords were leaked had used the same password for all of their site accounts. This meant that one password loss at one site could have granted access to many or all of their accounts.
Now just imagine if an employee did this same thing, using the same password as their employee user account on an outside site?
- As you should with your personal accounts, don’t use the same passwords for employee accounts, especially for work accounts where the password is stored by a 3rd party outside of your organization. And don’t use your employee account passwords on any personal site.
- Use a secure password management tool to manage and store all of the passwords for your accounts.
- Use 2-factor authentication. Read more about 2-factor authentication here: http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201211_en.pdf