Are Your Credentials On The Dark Web?
Would you hand over your password to a complete stranger to log in to your bank or investment account? What about your email or other cloud service account?
Obviously, no one wants to voluntarily surrender their credentials to crucial accounts such as these. But every day, many users – potentially even your customers or team members – may be doing something equally perilous.
We’re constantly being admonished not to use the same password for multiple accounts. At the same time, having an ever-increasing number of applications means also managing an escalating number of accounts.
Recalling individual passwords can be a hassle – if not impossible. A password manager can help. Ultimately, though, the most formidable threat of all is credential exposure.
What Is Credential Exposure?
Credential exposure occurs when a company in possession of your login information is breached – that is, personally identifiable information is publicly disclosed – and the attacker is able to access these account records.
If the breached company maintained those records inappropriately, the accounts can be laid bare, giving the attacker easy access to your login information.
Because most applications now default to an email address for the username, and many people reuse the same password across countless applications, it’s not difficult to see how this can swiftly wreak havoc.
All of this may well leave you wondering what steps you can take to defend yourself from dark web breaches. Here are a few commonsense approaches to keep your assets protected.
Implement Multi-Factor Authentication
The first thing you can do to safeguard your credentials is to implement multi-factor authentication (MFA) on any account that supports it. Resign yourself to using that authenticator app regularly – the additional time spent during logins is small compared with the time you’ll spend recovering from a data exposure that results in a compromised account.
There are a variety of free and paid options, including Microsoft’s Authenticator app, which integrates with the Office 365 and Azure infrastructure that many organizations are already using. This is the first of many measures to take and should be standard operating procedure in your office.
Use A Secure Password Manager
While there is a degree of risk connected with storing all your credentials in a single location, the benefit of having the password manager create and remember strong passwords is worth that risk for most users.
In addition, many password managers provide the means to safely share a password with another user, detect who has gained access to a password, and make sure that you are aware of which passwords need to be updated in the event that someone who has previously accessed a password leaves your company.
Perform A Dark Web Scan
There are a number of tools available that can execute a dark web scan – i.e., search the results of publicly shared data breaches where credentials were exposed. Not only can these resources notify you of any exposures associated with your email account, they can also make you aware of the password that was exposed so that you know to refrain from using that one in the future.
Ensure That Your Product Set Is Secure
You need to ensure that the software you use with your clients is secure. Solutions such as single sign-on (SSO) allow you to access a specific program’s entire suite of products via one secure login, making it easier for you to set up and connect products, as well as manage your account.
Don’t Recycle Compromised Passwords
Lastly, it’s essential to bear in mind: if your credentials have been revealed publicly, you can never use that password again. Once that password is part of a public list – particularly one that’s associated with your email address – you can safely assume that it will also be included in a future attack.
If you use passwords similar to the one that was compromised, you’ll need to change those, too. The risk is too great to even contemplate reusing it, and any other account that uses the same password should be immediately updated as well.
Keep in mind that this isn’t personal. You may not have been the cause of the exposure, but that credential is now public. There’s no indignity in something you can’t control, but taking appropriate action after the fact is the only way to defend yourself going forward.
Keep these tips in mind when using and reviewing your login credentials in order to protect your assets from exposure on the dark web. Remember, every precaution you take today is one less risk to manage later.
Are you curious to find out whether your credentials are already on the dark web? We can perform a dark web scan for you! Call us at 252.329.1382 or visit dtinetworks.com today to see how we can help you #SimplifyIT!
An earlier version of this article appeared on the ConnectWise blog.