What to do about password reuse?
Posted by Casey Scott on 10/20/2020
In the last post we discussed the potential problems with reusing your Denton ISD credentials to sign up for accounts on other platforms. After reading that post, you might be wondering what you can do to avoid this problem. This post provides a few practical steps you can take to help protect your info (and the district's computer systems) from cyber criminals.
1) Just don't do it!
One way to solve the problem of password reuse is to simply not reuse passwords. Create a unique password for each service you sign up for online. Change them frequently and whenever you are concerned that a service may have been compromised. Clearly, if you sign up for a lot of online services, this can get unwieldy. Which brings us to recommendation #2...
2) Password Managers
If you can’t or don’t want to manage hundreds of passwords across hundreds of websites and services (and who does, really?), how are you supposed to have unique passwords for each one? Memorization is not really an option.
Luckily, there are tools available that can help and might even make logging into multiple sites and services much easier and more efficient. They're called password managers. They store all your passwords securely and can generate new passwords for you during the account creation process at a website. Most of them will also autofill your username and password in a browser or mobile app and remind you to change passwords on a schedule. This allows you to remember just one password, the one to your password manager app. It will remember the rest for you. This also allows you to use good, unique, and difficult-to-remember passphrases. Some of the more popular password managers are LastPass, 1Password, Keeper, Dashlane, and Bitwarden. Sure, the initial configuration of these tools can be a little daunting, but the resulting convenience and added security are worth the initial pain.
3) Multifactor Authentication
Another option to use in conjunction with password managers is multi-factor authentication (MFA). This may be the single most effective way to keep accounts safe from cybercriminals.
MFA requires that you enter a soft token, or digital code, retrieved from an authenticator app every time you log in to a site from a new location or device. Some sites may even require it every time you log in. This method might seem annoying at first, and again the initial setup requires some small amount of work. Users generally become quickly acclimated to the process, however, and the added security it provides is so valuable that a slight occasional aggravation and some minor lifting to get it set up seem a small price to pay.
Some popular MFA apps include Google Authenticator, Microsoft Authenticator, and Authy, and many if not all password manager apps include some built-in MFA functionality.
What if my account has already been compromised?
Finally, how do you know if your favorite user/password combo is out there on the internet somewhere just waiting to be purchased by a cybercriminal? There are several sites available that let you check your email addresses against known data breaches. The most popular is haveibeenpwned[.]com.
This site will allow you to enter your email address and see what breaches it has been involved in over the years. Once you find that your email address was involved in a breach, you can visit that site, and any other site where you may have reused that password and email combination, and change your password. Other similar sites include breachalarm[.]com and dehashed[.]com.
Bringing it all together
With any security measure there is always a trade-off between convenience and security. How important is your bank account number? Your credit card balances? Your employer's financial data? The three simple methods we've discussed today can go a long way in protecting your information online, and in keeping bad guys from using your district credentials to attack other Denton ISD staff and computer assets. Don't let a lack of security awareness on that free math problems website compromise your (or the district's) sensitive data. #BeCyberSmart