Here is a little test to keep you amused during your next coffee break! Go to the website https://haveibeenpwned.com and enter a username you may have used or an email address. The site will then tell you whether your passwords have been stolen as a result of any of the many big security breaches that have occurred over the years, from the likes of MySpace, LinkedIn, DropBox and Adobe.
If your usernames and passwords were stolen in any of those breaches, it means you’ve been “pwned” – in other words, your password is now owned, or at least known, by the hackers.
Why does that matter? Well, you may (hopefully) have changed your LinkedIn password, for example, after it was revealed last year that more than 100 million LinkedIn IDs were being sold on the Dark Web. (http://www.bbc.co.uk/news/technology-36320322) So, with a new password, your LinkedIn account would now be safer.
But if you are like the majority of Internet users, you tend to re-use the same password (or couple of passwords) for a whole range of websites, and this is something the hackers can exploit.
Using automated tools they can test your username and password against any number of websites that you might use, and if they get a match, then they can steal your information and your identity.
Which just goes to show that the old 20th century model of username and password to protect users and their systems is long past its sell-by date. Adding another function to the login process – such as a simple code texted to a user’s mobile phone – is one simple way to kill this evil trade stone dead.
Fortunately, SecurEnvoy’s Tokenless ® multi-function authentication technology provides organisations with a quick, simple and effective solution to the problem. Whole communities of users can be enrolled on the system within hours and the system can run with the minimum of central administration.
The post Could you guess how many others now know your passwords? appeared first on SecurEnvoy Blog.