You’re logging into a website you visit often and—unexpectedly—the site asks you to reset your password. You’re concerned. Has someone hacked your account? Has a data breach occurred? Can this site’s security be trusted?
Rest assured, in the vast majority of cases, a request to reset your password is actually a sign of proactive security, not a lack thereof – even if you do not initiate the reset.
Many companies and large digital destinations watch for users who habitually reuse login passwords. They’re trying to defend themselves from hackers who have accessed your password elsewhere and will try to use it to slip by their security measures and hack them.
The problem is, sometimes these companies aren’t very good at explaining their methods in layman’s terms. Often the average internet user jumps to conclusions when their favorite password isn’t working.
Why Is Using the Same Passwords Over Time So Problematic?
All companies are at risk for hacks and data breaches today, and it is their responsibility to seek effective solutions that protect not only their company data but their users’ data, too.
Sure, stringent password rules and resets can be annoying, but they are all part of a good defense against hackers. When a hacker can find or guess your password, it becomes all too easy for them to take over one or many of your accounts.
A common type of cyberattack today is called credential stuffing. In these cases, hackers steal millions of emails and their associated passwords from a compromised site. They then use an account checker to test these email/password combos across a large number of other websites in an attempt to log in to any accounts that use the same credentials. Once in an account, they have access to your sensitive information and may even be able to further hack the company.
When you use the same password for multiple accounts, you open yourself up to a credential stuffing attack. All a hacker needs is your information from one poorly defended site and suddenly they can access any other account where you use the same login information.
How Do Companies Protect Themselves from Credential Stuffing?
Companies have many reasons to protect themselves and you from credential stuffing attacks. If your account with them gets hacked, they know they will be hearing from you. They know they have a responsibility to prevent hacks as much as possible. They also don’t want their own data to be breached.
So how do they prevent credential stuffing from happening?
They begin by regularly combing through known data leaks for any credentials that match those of their users, extracting the emails that match. Next, they test the emails and corresponding passwords from their database of users by putting them through their own login system to see if those combinations work.
If the credentials match and they are able to log in with compromised credentials, it poses a serious risk to your account, and they will require a password reset the next time you try to log in.
You might have noticed that the companies you have accounts with keep databases of your login information. Isn’t this a security risk?
Yes, but most login systems use what’s called password hashing to scramble a plain text password into a long string of numbers and letters that is stored instead of the much easier-to-steal plain text password. This is highly effective for preventing hackers from stealing long lists of easy-to-read passwords.
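The leak check and the password hashing described above, shown together as an added example (not ATSG's or any particular company's code): because only salted hashes are stored, each leaked password has to be re-hashed with the matching user's salt before it can be compared. The user table, leak lines, function names and PBKDF2 iteration count are constructed assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # demo value (assumption); tune upward for production

def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, slow hash: what the user table stores instead of plain text."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def make_user(password: str) -> dict:
    salt = os.urandom(16)  # unique per user, so equal passwords hash differently
    return {"salt": salt, "hash": hash_password(password, salt), "must_reset": False}

def parse_leak(lines):
    """Yield (email, password) from 'email:password' lines, skipping malformed ones."""
    for line in lines:
        email, sep, password = line.strip().partition(":")
        if sep and "@" in email and password:
            yield email.lower(), password

def flag_reused_credentials(users: dict, leak_lines) -> list:
    """Mark accounts whose current password appears next to their email in a leak."""
    flagged = []
    for email, leaked_pw in parse_leak(leak_lines):
        user = users.get(email)
        if user is None or user["must_reset"]:
            continue  # not our user, or already flagged
        candidate = hash_password(leaked_pw, user["salt"])
        if hmac.compare_digest(candidate, user["hash"]):
            user["must_reset"] = True  # login flow forces a reset next time
            flagged.append(email)
    return flagged

# Constructed sample data: three accounts and a four-line leak.
USERS = {
    "alice@example.com": make_user("Summer2019!"),
    "bob@example.com": make_user("correct horse battery staple"),
    "carol@example.com": make_user("hunter2"),
}
LEAK = [
    "alice@example.com:Summer2019!",  # reused password: match
    "Bob@Example.com:password123",    # our user, different password
    "mallory@example.net:hunter2",    # same password, not our user
    "not-a-credential-line",          # malformed
]

if __name__ == "__main__":
    print(flag_reused_credentials(USERS, LEAK))
```

Only the account whose email and current password both appear in the leak is flagged; a user who happens to share a password with someone else's leaked entry is left alone.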
What’s the Best Way to Protect Yourself From Credential Stuffing?
While large companies invest in data security and protection, you can never be too careful or assume every website you frequent is effectively secure. That’s why you must stop reusing or recycling passwords and create unique, high-quality passwords for each of your online accounts.
Do not use names, dates or other words and numbers easily associated with yourself and your account. If you have trouble remembering many different unique passwords, rely on length to strengthen your passwords. Create “passphrases,” or strings of words, rather than a single password. Passphrases are harder for hackers to decode and are easier to remember for many people.
Recycling passwords means tweaking an old password just a little to create a new one. Hackers are becoming increasingly adept at guessing recycled passwords.
While there’s no way you can single-handedly prevent cyberattacks, companies and individuals can work together to minimize the risks when customers create secure passwords and companies utilize credential combing and forced password resets to protect their data.
How Can ATSG Help?
Most companies aren’t pros at cybersecurity and hiring enough IT professionals to focus on security issues might not be feasible. The solution is to work with a managed services provider like ATSG.
ATSG specializes in helping businesses create a better customer experience and protect against hackers with our tech-enabled managed security services:
- Endpoint & Mobile Security Monitoring and Management
- Security and Compliance Intelligence Services
- Vulnerability Management and Threat Response Services
- Infrastructure & Core Security Services
Our rediSecure portfolio is key to our success helping our clients prevent and manage cyberattacks. Our rediManage services enhance customer experience while monitoring for and addressing any issues.
Our enterprise-grade cloud service, rediCloud, provides a secure infrastructure for supporting critical operations. ATSG clients enjoy the simplicity and confidence of our rediDesk service that allows all applications and data to be stored behind firewalls and other security measures on the cloud.
Every day, ATSG works with enterprises to find cybersecurity solutions that work for them and their users. We outfit them with technology and support that identifies, fixes and monitors their vulnerabilities and threats to ensure their systems stay secure and operational 24/7/Always.
ATSG – Transforming the customer experience through tech-enabled managed services
Today’s choices for mobility, cloud, infrastructure, communications, applications and operations are mission-critical for small, mid-sized and large enterprises. ATSG, Inc. is leading the transformation into Technology Solutions as a Service with our tech-enabled managed services portfolio and a commitment to technology innovation, operational excellence and client intimacy. Recognized by industry leaders and industry-leading publications, ATSG has 25 years of operating history delivering exceptional client experiences that directly result in competitive advantage, cost-savings, growth and improved operational efficiencies. Visit ATSG.net, and call 1.914.517.2919 or visit one of our five Tri-State locations today for more information.