Have a Stolen Password? Here’s What to Do About It

Imagine losing your household keys and having no clue who has them or, worse, if they have access to your home. Similarly, your passwords are the keys to your digital castle, and cyber attackers are eager to steal them.  

Stolen passwords don’t just affect you as an individual; they can also compromise your entire organization by allowing cyber attackers access to critical systems and data. In fact, credentials are the primary means by which a bad actor can hack into an organization, with 61% of breaches attributed to leveraged credentials. Stolen passwords open organizations to significant risks, from compromised data and lost accounts to organizational downtime and compliance complications.

Unfortunately, it’s no longer a question of whether a breach will occur but when. Just last summer, cyber attackers breached Colonial Pipeline using a compromised password, which they may have gotten from a dark web leak. Not all stolen passwords result in the takedown of the largest fuel pipeline in the U.S., but there can still be severe repercussions if your password is compromised. 

So, if you have a stolen password, here’s what to do about it.

Think You Have a Stolen Password? Change it Out

No matter your level of cybersecurity expertise, you are likely aware that compromised passwords are concerning. 92% of people know that using the same password or a variation is a risk, but 70% still use the same password or variations across accounts. Perhaps more concerning, 45% of people do not change their stolen password even after a breach has occurred.

If you even suspect your password may be compromised, there is no harm in updating it to a new one – especially if the original (or any variations) is used across multiple logins. When it comes to good password hygiene, do your best to avoid patterns, personal details, and of course, recycling.

Make Use of Multi-Factor Authentication

If a cyber attacker manages to obtain your username and password, multi-factor authentication (MFA) is another step of verification that can help prevent account compromise. MFA requires something you have or something you are – biometrics – to confirm authorized access to an account.

Without clearly defined expectations of good password hygiene and the utilization of MFA included in an organization’s data security policy and procedures, credentials are more likely to be stolen and used by a cyber attacker. Further, credentials may already be on the dark web without your knowledge. Once cyber attackers have access to compromised credentials, they can then attempt to log into more valuable accounts, such as email or financial services.

In addition to MFA, single sign-on (SSO) solutions provide an authentication process that enables users to access multiple related applications or systems securely, using one set of credentials. Organizations that invest the time and resources into implementing an SSO solution add another layer of security to protect accounts.

Accept Help from a Password Manager

Creating new, unique passwords for every online account can be daunting, particularly considering we tend to underestimate how many accounts we own. Beyond the enterprise-level apps that might be standardized across your organization, each employee will likely have dozens more, whether they use them once a year or daily. Small businesses (1-25 employees) average 85 passwords per employee, while the average 250-employee company has approximately 47,750 passwords across the entire organization.

This is where password managers come in to protect your organization’s information while removing password obstacles for employees. Password managers like Keeper, 1Password, and LastPass can help you create strong, unique passwords for your accounts while storing them in a secure vault, so you’re not stuck trying to remember each and every one. When there is no need to remember multiple passwords, you are less likely to recycle passwords and can safely rely on autofill to retain access to your accounts. Even if a password is eventually compromised, the user will have only used it once. In combination with MFA, password managers can help stop a breach in its tracks.

Password managers not only let you manage hundreds of unique passwords for your online accounts; some of the services also offer other advantages, including:

  • Saving time
  • Working across all your devices and operating systems
  • Protecting your identity
  • Notifying you of potential phishing websites

Stay a Step Ahead with Scanning

Compromised password scanning lets organizations search the dark web for stolen passwords, or enable breach notifications, so they are made aware of any leaked data. Early detection of password theft alerts administrators and employees to change their passwords (using strong credentials) before criminals exploit them. It allows you to identify potential breaches more quickly and take preventive measures. This is particularly important given that many users recycle their passwords, using the same password across many platforms.

Especially if you are already aware of compromised credentials, conduct a scan for them on the dark web to see if there are any others you might not have known about, and sign up for data breach notifications to stay on top of it in the future.
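
The following is an added example, not code from the original article or from any vendor it names, showing one way a compromised-password scan can work: the client sends only a short hash prefix to the scanning service and compares the returned suffixes locally, so the password itself is never disclosed. It also flags reuse across accounts. The hash-prefix lookup design, the breach corpus, the account names and all function names are assumptions made for illustration.

```python
import hashlib
from collections import defaultdict

# Constructed sample data: passwords seen in a hypothetical breach dump, with sighting counts.
BREACH_CORPUS = {"Summer2021!": 1520, "password1": 98000, "Fluffy#1987": 3}
# Constructed sample accounts belonging to one user.
ACCOUNTS = {"email": "Summer2021!", "payroll": "Summer2021!",
            "vpn": "c0rrect-h0rse-battery", "crm": "x9$Lq!v2Tz"}

def sha1_hex(password):
    # SHA-1 is used here only as a lookup key, never as a password storage hash.
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def build_index(corpus, prefix_len=5):
    """Service side: bucket breached hashes by their first prefix_len hex characters."""
    index = defaultdict(dict)
    for password, count in corpus.items():
        digest = sha1_hex(password)
        index[digest[:prefix_len]][digest[prefix_len:]] = count
    return index

def range_query(index, prefix):
    """Service side: return the whole bucket; the service never sees a full hash."""
    return dict(index.get(prefix, {}))

def breach_count(index, password, prefix_len=5):
    """Client side: send only the prefix, then match the suffix locally."""
    digest = sha1_hex(password)
    return range_query(index, digest[:prefix_len]).get(digest[prefix_len:], 0)

def scan_accounts(index, accounts):
    """Return {account: [issues]} for passwords that are breached or reused."""
    by_hash = defaultdict(list)
    for account, password in accounts.items():
        by_hash[sha1_hex(password)].append(account)
    findings = {}
    for account, password in accounts.items():
        issues = []
        seen = breach_count(index, password)
        if seen:
            issues.append(f"breached ({seen} sightings)")
        others = sorted(a for a in by_hash[sha1_hex(password)] if a != account)
        if others:
            issues.append("reused on " + ", ".join(others))
        if issues:
            findings[account] = issues
    return findings

if __name__ == "__main__":
    for account, issues in scan_accounts(build_index(BREACH_CORPUS), ACCOUNTS).items():
        print(f"{account}: change password ({'; '.join(issues)})")
```
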

TL;DR

  • Stolen passwords will not just affect you as an individual; they can also compromise your entire organization by allowing attackers access to critical systems and data.
  • If you even suspect your password may be compromised, there is no harm in updating it to a new one that incorporates good password hygiene. 
  • Multi-factor authentication (MFA) is another step of verification that can help prevent account compromise.
  • Password managers protect your organization’s information while removing password obstacles for employees.
  • Compromised password scanning allows organizations to scan the dark web for stolen passwords.
