Article Summary
This article explains the risks of password reuse across multiple accounts, describes how cybercriminals exploit compromised credentials, and provides essential guidance on protecting your accounts through unique passwords and two-factor authentication.
Detailed Information
Understanding Password Reuse Risks
Many online services request email addresses as usernames, creating a common identifier across multiple platforms. While using the same email address is often necessary, reusing passwords across these accounts creates significant security vulnerabilities.
Recent major security breaches affecting prominent platforms like LinkedIn, Adobe, Tumblr, Forbes, Comcast, and Epic Games have exposed user credentials. Cybercriminals exploit these breaches through a technique known as "credential stuffing," where they:
- Obtain compromised credentials from data breaches
- Attempt to use the same username/password combinations on other valuable platforms
- Try password variations when exact matches fail
- Monetize successful account access by selling credentials or extracted information on dark web marketplaces
Solution
To protect your accounts from password reuse attacks:
Use unique passwords for every account
- Implement a password manager like LastPass to generate and store complex passwords
- Never reuse passwords across different services
- Follow University policy prohibiting UMS password reuse on non-UMS accounts
Enable additional security measures
- Activate two-factor authentication whenever available
- Use SMS or authenticator apps for verification codes
- Regularly monitor accounts for suspicious activity
Maintain password hygiene
- Regularly update passwords, especially after reported breaches
- Use strong, complex passwords for each account
- Keep your password manager secure with a strong master password
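One way to check your own accounts for the reuse described above, including the near-variations that attackers try when an exact match fails. This is an added example, not part of the original article or any University tool; the vault layout, the sample entries, and the names `base_form` and `audit` are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of a password-manager export: (service, username, password).
SAMPLE_VAULT = [
    ("linkedin.example", "pat@example.edu", "Bluebird42"),
    ("shop.example", "pat@example.edu", "Bluebird42"),
    ("games.example", "pat@example.edu", "bluebird42!"),
    ("bank.example", "pat@example.edu", "Blu3b1rd2024"),
    ("mail.example", "pat@example.edu", "q7#Vt9w!LmZ2xRp4"),
]

# Common character swaps that turn one password into a "variation" of another.
LEET = str.maketrans("013457@$!", "oieastasi")


def base_form(password):
    """Reduce a password to the stem that simple variations of it share."""
    # Ignore case, then drop leading/trailing digits and symbols ("42", "2024", "!").
    stem = re.sub(r"^[\d\W_]+|[\d\W_]+$", "", password.lower())
    # Undo character swaps; fall back to the whole password if nothing is left.
    return stem.translate(LEET) or password.lower()


def audit(vault):
    """Return (exact_reuse, variations) as lists of sorted service groups."""
    exact, stems = defaultdict(set), defaultdict(set)
    for service, _user, password in vault:
        exact[password].add(service)
        stems[base_form(password)].add(service)
    exact_reuse = [sorted(s) for s in exact.values() if len(s) > 1]
    # Report a variation group only when it adds services beyond an exact match.
    variations = [sorted(s) for s in stems.values()
                  if len(s) > 1 and sorted(s) not in exact_reuse]
    return exact_reuse, variations


if __name__ == "__main__":
    exact_reuse, variations = audit(SAMPLE_VAULT)
    # Only service names are printed; passwords never leave the function.
    for group in exact_reuse:
        print("Same password on:", ", ".join(group))
    for group in variations:
        print("Variations of one password on:", ", ".join(group))
```

Every service listed in either group should get a new, unrelated password generated by the password manager.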
Environment
- All online accounts and services
- Banking and financial platforms
- E-commerce websites
- Social media accounts
- Entertainment and gaming services
- University systems