A Lesson About Password Re-Use: Don't

19/10/2016 15:18

With more high-profile figures being hacked these days, there is growing concern about similar attacks against other famous figures, and even ordinary people, who fail to abide by a simple rule: don't re-use your passwords.

OurMine is a hacking group that has recently caused havoc in this regard. "Cybersecurity 101" is vital, and "Lesson Number One" is to take the time necessary to define a truly unique and secure password for each and every one of your accounts. It may sound simple, but not following these simple instructions can be destructive.

The BuzzFeed Case

The OurMine group decided to hack BuzzFeed in an act of retaliation. The text "HACKED BY OURMINE" was seen in article titles on the company's site homepage, along with an advertisement for the group's own website, Ourmine.org. BuzzFeed rushed to inform the public about the incident through Twitter, explaining efforts were under way to "restore the altered articles, including the original report on the group."

OurMine has a history of using passwords that were leaked in large-scale breaches. The group then used these passwords to access social media or other types of accounts where a user might have re-used the exact same password.

A Concerning Subject At Large

There have been many other cases of accounts compromised as a result of password reuse and the lack of knowledge in this regard. Take, for example, the case of John Podesta, chairman of the Hillary Clinton campaign for the U.S. presidency. Hackers were able to take advantage of Podesta's stolen e-mails being published by WikiLeaks to breach his Twitter account and actually tweet messages in favor of Clinton rival Donald Trump. This is a simple case showing that when one account is breached, it is highly possible a dangerous domino effect will follow. If a probe digs deep, it will most probably find similarities in the passwords used by Podesta, as such an individual lacks the time to manage a variety of passwords for his different online accounts.

What about Facebook CEO Mark Zuckerberg? At least he has the necessary knowledge to adopt sophisticated passwords. Right? Wrong. Zuckerberg's own Twitter and Pinterest accounts were breached recently, showing how careless even the most powerful figures in the tech industry can be about the simplest concepts of cybersecurity. Again OurMine was able to infiltrate Zuckerberg's Twitter account and post messages about the embarrassing breach. With a password as simple as 'dadada,' the hack is tempting even for any ordinary teenager, let alone a group with brute-force capability. The Facebook chief is quite lucky, to be honest, as his last tweet dates back to 2012, leaving literally no private message or personal account information to be stolen by the hackers.

The sheer ease with which such seemingly important accounts are breached should be a source of major concern for us all.

Any Solutions?

Here are a few simple basic rules:
• Completely avoid reusing passwords across online services.
• Advice about using a combination of upper- and lowercase letters with a mixture of numbers and symbols is now considered old school.
• The new trend is the use of unusual sentences, such as "I am a 500-pound cotton gorilla," abbreviated to the first letter of each word with punctuation, such as "Iaa5-pcg."
• There is also the alternative of using an online password manager, such as 1Password, which can provide secure passwords.
• Another more developed method is the use of two-factor authentication, by receiving a text with a code or verifying your log-in with an app. This will make sure that even if your password is compromised, attackers won't be able to access your account.
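
One way a service can enforce the first rule on its own side, shown as an added example that is not part of the original article: refuse any new password that already appears in a breach corpus, using a k-anonymity range lookup so only a 5-character hash prefix is ever sent. The corpus, its counts and all function names are constructed for illustration.

```python
import hashlib

# Constructed sample corpus: passwords assumed to appear in a public breach dump,
# with made-up sighting counts. 'dadada' is the password the article cites.
BREACHED_COUNTS = {"dadada": 1500, "password1": 90000, "qwerty123": 42000}


def sha1_hex(password: str) -> str:
    # SHA-1 is used here only as a lookup key into the corpus, never for storage.
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_index(counts: dict) -> dict:
    """Server side: group breached hashes by their first 5 hex characters."""
    index = {}
    for password, seen in counts.items():
        digest = sha1_hex(password)
        index.setdefault(digest[:5], []).append(f"{digest[5:]}:{seen}")
    return index


def range_query(index: dict, prefix: str) -> str:
    """Server side: return every 'SUFFIX:COUNT' line sharing the prefix.
    The server never sees the full hash, let alone the password."""
    return "\n".join(index.get(prefix, []))


def breach_count(password: str, index: dict) -> int:
    """Client side: send only the 5-char prefix, match the suffix locally."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in range_query(index, prefix).splitlines():
        candidate, _, seen = line.partition(":")
        if candidate == suffix:
            return int(seen)
    return 0


def accept_new_password(password: str, index: dict) -> bool:
    """Signup/reset policy: refuse anything already known to attackers."""
    return breach_count(password, index) == 0


INDEX = build_index(BREACHED_COUNTS)

if __name__ == "__main__":
    for pw in ("dadada", "I am a 500-pound cotton gorilla"):
        verdict = "accepted" if accept_new_password(pw, INDEX) else "rejected (breached)"
        print(f"{pw!r}: {verdict}")
```
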

The Issue is Quite Severe

There needs to be an emphasis on the undeniable fact that reusing passwords left the accounts of BuzzFeed, Podesta and Zuckerberg compromised and all the more vulnerable. And the more alarming concern is that there is no rush to reassess our practice of digital sharing. All the while, hackers are becoming ever more experienced and finding newer and more effective methods to gain access to more of our very sensitive personal data.

Hacks by groups such as OurMine always act as a reminder that the very thought of reusing a password is very dangerous. Curating and monitoring the apps you grant access to your sensitive digital accounts is yet another highly sensitive matter, as that access can be wrongfully exploited.

Anything from security risks of the physical type, such as posting details of your daily personal life on social media, to being breached and the resulting digital risks, must be taken into careful consideration. All of us need to be quite careful about our web activity.

We have to pay the price of maintaining security during our work and leisure on the Internet. Otherwise, rest assured there are people out there with devious intentions, constantly on the lookout to take advantage of the slightest opportunity made possible by our carelessness regarding the most basic Internet security measures.

Paul McNeil blogs at TechMoralitics