Blog

Get the inside scoop at Cyphercor and learn about relevant security news and insights.

Passwords Are a Shared Problem

November 29, 2013Diego Matute

Each week there is news of password breaches affecting millions of users. Sample from the last 12 months:

Date Target Potential Users Breached
Mar. 2nd, 2013 Evernote 50 million
Apr. 26th, 2013 LivingSocial 50+ million
May 29th, 2013 Drupal 1 million
Jul. 21st, 2013 Ubuntu Forum 2 million
Oct. 3rd, 2013 Adobe 38 million
Nov. 12th, 2013 MacRumors Forum 860 thousand
Nov. 13th, 2013 Cupid Media 42 million

Administrators may feel that a breach in someone else’s system does not affect them – the opposite is true.

Password Breaches Affect Everyone

Credit-checking company Experian conducted a study of 2,000 UK adults last year and discovered some startling facts:

  • Average user has 26 online accounts while only using 5 different passwords
  • 1 out of 4 people use a single password for the majority of their profiles
  • 1 out of 25 people use a single password for all their profiles

The main problem with passwords today is not complexity: its reuse.

One password has the potential to unlock 5 accounts. Imagine your car key unlocking your safety deposit box!

On top of that: most users select from the same password pool, making it easier for password crackers to guess. Imagine your neighbours car keys unlocking your safety deposit box!!

Take a leak of 20 million passwords. Assume 5% of your users also use that site. Assume 20% of your users use the same password. That’s 200,000 compromised accounts!

This is why each major password leak is followed by massive password reset campaigns on other large sites (Facebook Warns Users After Adobe Breach). Increasing the complexity of passwords or continuing to use them by themselves will not solve the problem.

What can be done?

Augment the Password

LoginTC adds an additional dimension to the password by incorporating a smartphone to the authentication process. A physical factor for authentication makes it much harder to breach an account. 40 million stolen passwords is not the same as 40 million stolen smartphones!

LoginTC secures account access with cost-effective, scalable and user friendly two-factor authentication.

Learn more about smart authentication.

Start protecting your enterprise assets within minutes. Try for Free