Login data found on lists of leaked credentials after hack attacks against service providers proved that users continue to use the same ID and password for more than one online account.
By choosing to reuse passwords for more than one account, people end up leaving all those accounts vulnerable to hacking. In case of a data leak, where logins get into the wrong hands, all other accounts with the same password can be compromised.
“This highlights the longstanding security advice to use unique passwords, as criminals have become increasingly sophisticated about taking a list of usernames and passwords from one service and then ‘replaying’ that list against other major account systems,” Microsoft Account Group Program Manager Eric Doerr stressed in a blog post on July 15. “When they find matching passwords they are able to spread their abuse beyond the original account system they attacked.”
In light of recent data leaks that hit LinkedIn, Last.fm and, more recently, Skype and Yahoo, people need to know the implications of using the same password for more than one account. The moment lists with credentials are made public, Microsoft is notified to protect customers with the same login data for their Microsoft accounts.
Some of these lists are incomplete and pose no immediate threat to users, but some are complete or contain data that can help wrong-doers put together comprehensive lists that match usernames to their passwords. From that point, people’s identity is at stake.
Microsoft automatically scans these lists to see which customers may have compromised accounts so that it can notify them. “You’d be surprised how often the lists – especially the publicly posted ones – are complete garbage with zero matches. But sometimes there are hits – on average, we see successful password matches of around 20% of matching usernames,” Eric Doerr adds.
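As an added illustration (not Microsoft's code and not part of the original article), a service could run this kind of scan against its own credential store as follows. The salted PBKDF2 storage scheme, the function names and the sample accounts are assumptions constructed for the example; it reports the match rate both per matching username and per all accounts.

```python
import hashlib
import hmac
import os

def hash_password(password: str, salt: bytes) -> bytes:
    # Assumed storage scheme: salted PBKDF2-HMAC-SHA256.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)

def enroll(password: str) -> tuple[bytes, bytes]:
    # Store only (salt, hash), never the plaintext password.
    salt = os.urandom(16)
    return salt, hash_password(password, salt)

def scan_leak(leak, user_store):
    """Return (usernames present at this service, those whose leaked password also works)."""
    seen, reused = set(), set()
    for username, leaked_password in leak:
        name = username.strip().lower()      # normalise before lookup
        record = user_store.get(name)
        if record is None:                   # leaked account does not exist here
            continue
        seen.add(name)
        salt, stored = record
        # Re-hash the leaked password with this user's salt; constant-time compare.
        if hmac.compare_digest(hash_password(leaked_password, salt), stored):
            reused.add(name)                 # candidate for forced reset and notification
    return seen, reused

def match_rates(leak, user_store):
    """Match rate per matching username, and per all accounts at the service."""
    seen, reused = scan_leak(leak, user_store)
    per_matching_username = len(reused) / len(seen) if seen else 0.0
    per_all_accounts = len(reused) / len(user_store) if user_store else 0.0
    return per_matching_username, per_all_accounts

# Constructed sample data: ten local accounts, one of which reuses a leaked password.
USER_STORE = {f"user{i}@example.com": enroll(f"unique-pass-{i}") for i in range(1, 11)}
USER_STORE["user3@example.com"] = enroll("hunter2-reused")

# Constructed leak from another service: five usernames exist locally, two do not.
LEAK = [
    ("User1@example.com", "other-site-pw"),
    ("user2@example.com", "qwerty"),
    ("user3@example.com", "hunter2-reused"),
    ("user4@example.com", "letmein"),
    ("user5@example.com", "123456"),
    ("stranger@example.net", "password"),
    ("nobody@example.org", "abc123"),
]

if __name__ == "__main__":
    print(match_rates(LEAK, USER_STORE))
```

In this constructed data set the same single hit is 20% of the matching usernames but 10% of all accounts, so the denominator has to be stated whenever a match rate is quoted.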
To stay protected, users need to know that a company, a bank or a service provider of any kind would never send customers an e-mail asking for passwords, usernames, account information or telephone numbers. As tedious as it may seem, users need strong, unique passwords for every online account. They also need to be very careful about the data they share publicly. And of course, people ought to use a security suite at all times to take care of the aspects they can’t handle personally.
“sometimes on average, we see successful password matches of around 20% of matching usernames.” from list already leaked, NOT 20% of Microsoft Log-in Data Compromised
“20% of Microsoft Log-in Data Compromised” means 20% of all Microsoft log-ins were compromised
[…] “This highlights the longstanding security advice to use unique passwords, as criminals have become increasingly sophisticated about taking a list of usernames and passwords from one service and then ‘replaying’ that list against other major account systems,” it quoted Microsoft Account Group Program Manager Eric Doerr as saying in a July 15 blog post. […]
Time we all got away from just using passwords, user IDs and cards. The solution is detailed on www.designsim.com.au, and is currently being implemented by two U.S. banks and one in Hong Kong, for their ATMs. Maybe Microsoft should consider adding it to their login application.
[…] To make passwords harder to guess, SplashData suggests avoiding using the same username/password combination for multiple websites, and choosing passwords of eight characters or more with mixed types of characters. Microsoft also warned that re-using passwords compromises users’ online identity. […]