Did you know? Cyber Criminals often go after usernames and passwords first because they are easier to get. Once an
attacker has your username and password, this allows them, the criminal, to bypass IT security controls. Think about it, if
an attacker can assume your account or identity, they have to access to everything you have access to. Simply put, do
not share your username and password with anyone, for any reason.
A common practice
Unfortunately, password reuse and sharing passwords with others is a common practice. Yes, sharing your passwords
with others weakens your overall security posture. In a Help Net Security article, SpyCloud’s VP of product management
Chip Witt, said that, “Year after year studies show that the use of weak and stolen credentials is the most common
hacking tactic for cybercriminals, yet 76 percent of employees at the world’s largest companies are still reusing
passwords across personal and professional accounts.”
The problem is twofold.
First, sharing passwords with others. You should never allow anyone to login to any of your accounts using your
username and password. If the other person needs access to your online platform, you should create his or her own
login in the service. Giving someone your username and password is never a good idea as it allows the other person to
assume your identity. Anything and everything you have access to is fair game. This problem is worse when the
username and password you gave out is reused across other platforms. Meaning, you reuse the same username and
password across multiple platforms. For example, your Spotify account is the same username and password as your
email account, etc.
Second, reusing the same username and password across multiple platforms and services is also a bad idea. This
exponentially increases your risk of compromise. As one platform or service suffers data loss, and the username and
passwords are exposed, attackers will try to see what other online services use this same username and password.
Usually, the attacker will check a victim’s email account then do online searches, using the email address, to see what
other platforms are tied to the leaked username and password.
Adding to this problem of reused usernames and passwords is that if you give your username and password to someone,
and you reuse that same username and password for other services, you are essentially handing over all of your online
services and platforms for the other person to access. No data breach needed. You also need to consider how that other
person saves your username and password. Did they write it down? Did they save it as a contact on their phone? Did
they email it to themselves? All of these methods weaken your security and put your personal data at risk.
What should you do?
Never share your username and password with anyone. Not even your IT people. There is never a good reason to give
away your personal credentials. SpyCloud’s research states that approximately 30Million business account credentials
are readily available on the criminal underground; do not let your credentials get added to these lists. Keep you
usernames and passwords safe by not sharing them with anyone and follow good password hygiene.
Wilson Bank and Trust is here for you. Should you need help, please do not hesitate to reach out to us online at
wilsonbank.com, our mobile app, or call us at (844) WBT-BANK (844-928-2265).
Have another thought, tip or suggestion? Leave it in the comments below. I would love to hear from you!