https://www.sikich.com

Regarding Security Breaches and Passwords

Carl Miller

Feb 15 2019

3 min read

Two of the most frequently asked questions that come across my desk are “Do I need to worry about the ‘fill in the blank’ security issue I saw on the news this week?” and “Why do you IT guys always make such a fuss about passwords?” Both questions are more closely related than you may think.

Frequently when a security breach occurs, email addresses, passwords, and other sensitive data are made available on the internet. Security firms get their hands on this data and can run statistical analysis on it; the results are terrifying. According to the firm SplashData, 10% of all users use a password on the top 25 frequent passwords list. The 5 most frequently used passwords from their 2018 list are as follows:

123456
password
123456789
12345678
12345

If the above information wasn’t bad enough, many users use the same email address and password for multiple accounts at various places on the internet.

Let me run through two scenarios of what commonly occurs:

Joe works for ABC Co. and his email is joe@abc.com. Joe sets up the password “123456” for his account. Someone attempts to hack Joe’s account and uses the top 25 password list. The hacker gets into Joe’s account with almost no effort.
Fred works for ABC Co. and his email is fred@abc.com. Fred uses the password “Sunny2019Vacation.” Fred knows his password is strong, so he uses the same password for his Netflix account, his Bank account, and his Equifax credit service account. Hackers breach his bank, and now know that fred@abc.com has a password of “Sunny2019Vacation.” The hacker gets into most of Fred’s accounts.

Back to the questions from the start of this blog. “Do I need to worry about the ‘fill in the blank’ security issue I saw on the news this week?” The answer to this is yes, you should be worried! If you want to protect yourself and your firm against the security issue, make sure you listen to your IT guy who makes a fuss about passwords. Ensure your users are using long passwords or passphrases, and make sure they are changed on a regular basis. Longer passwords/passphrases rarely show up on frequent password lists, and changing your password frequently ensures that should a breach happen elsewhere, you will have already changed your password.

Have other IT issues at your organization or need a deeper security conversation? Let’s chat!

This publication contains general information only and Sikich is not, by means of this publication, rendering accounting, business, financial, investment, legal, tax, or any other professional advice or services. This publication is not a substitute for such professional advice or services, nor should you use it as a basis for any decision, action or omission that may affect you or your business. Before making any decision, taking any action or omitting an action that may affect you or your business, you should consult a qualified professional advisor. In addition, this publication may contain certain content generated by an artificial intelligence (AI) language model. You acknowledge that Sikich shall not be responsible for any loss sustained by you or any person who relies on this publication.

About the Author

Carl Miller

Carl Miller is a Senior Engineer on the Network Operations Center team. In addition to being a high end technical resource, he configures and manages the technology that automates tasks and prevents issues with our managed services and managed hosting clients. Carl has numerous industry certifications and over 20 years of experience in the IT industry.