Are you worried that this weeks leak of LinkedIn/last.fm/eHarmony will compromise your employees' passwords?

jlister

Whenever I learn about another password hack, I just send out my stock "password hack" email. Essentially, it says, "Hey, I know none of you little angels would use your work account passwords for personal stuff, but...." So that went out Monday for LinkedIn, Wednesday for eHarmony, then again today for last.fm. I limit it to major breaches, but all three of this weeks were what I would consider major. I am certain that some people use the same password for everything. So it doesn't take long for me to start thinking of someone looking at a LinkedIn account, seeing that John Doe works at Acme Corp, then using John's password to access his corporate email, etc. Maybe I'm overly cautious, I don't know. How much of an issue do you think this is?

Topic: Security
Answer this Question

Answers

2 total
jack12
Vote Up (21)

Better safe than sorry.  Without a doubt, unless you are at a very small company, there are people that are using the same ID and password across multiple sites and your network if username/password restrictions don't prevent it.  I'm sure a lot of passwords that are being used, assuming you didn't assign them, are the same absurdly weak choices that you see again and again: qwerty, password, 12345asdf, john316, etc.  Anytime you can use self-interest about things employees care about (oh, noes, my eHarmony account!!!!) to reenforce the importance of basic security practices, you might as well take advantage of it.  

jimlynch
Vote Up (20)

Just make sure they all change their passwords, and it probably won't be a problem. It's also a good idea to include information on how to set up strong passwords. Many people are utterly clueless about how easy it is for common passwords to make accounts vulnerable.

Ask a question

Join Now or Sign In to ask a question.
Google, Dropbox and the Open Technology Fund are supporting a new organization focused on making open-source security and privacy tools more user-friendly.
Among six major U.S. cities, CSOs are paid the most in San Francisco and New York, but factoring in the cost of living makes Denver and Chicago the best bang-for-the-buck places.
Apple's iOS 8 addresses a serious weakness that could allow attackers to hijack the wireless network authentication of Apple devices and gain access to enterprise networks.
Legislation introduced in the U.S. Senate on Thursday aims to place limits on access by U.S. law enforcement agencies to emails and other communications stored abroad.
Two online advertising networks, Google's DoubleClick and Zedo, have been delivering malicious advertisements that could install malware on a person's computer, according to the security vendor Malwarebytes.
Google is turning on data encryption by default in the next version of Android, a step that mirrors broad moves in the technology industry to ensure better data security.
CloudFlare said it has engineered a novel way to handle sensitive encryption keys that allows organizations such as financial institutions to still use its caching service to fend off cyberattacks.
Samsung on Thursday announced price reductions and updates for its Knox security and management software for IT shops and a free My Knox service that is directly available to professionals using ActiveSync.
The breach of Home Depot's payment systems may have compromised 56 million payment cards as a result of malware that has since been eliminated, the company said Thursday.
Apple outlined its new privacy policy and set up a site to explain what information it collects from users and how it handles it, as the company enters new areas like health tracking and mobile payments that have potential privacy implications.
Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+