These password breaches highlight the employee password reuse problem
(Last updated on September 16, 2020)
Today, we’ve released the latest update to the Specops password list, a service that protects organizations from the use of known breached passwords in Active Directory.
“Today’s update further supports our commitment to making the Specops Breached Password Protection the best choice for protecting your corporate network from credential stuffing attacks,” said Lori Osterholm, CTO at Specops Software.
In our team’s ongoing analysis of the over 2 billion passwords on the list, we consistently find that password reuse from employees’ personal sites is one of the biggest risk drivers for an organization’s network.
Some of the personal site breaches in the Password list include:
- MySpace (359 million)
- LinkedIn (164 million)
- Dubsmash (162 million)
- MyFitnessPal (143 million)
- MyHeritage (92 million)
- Dropbox (68 million)
- ShareThis (41 million)
- HauteLook (28 million)
- Animoto (22 million)
- 500px (15 million)
- Whitepages (11 million)
- Armor Games (11 million)
- Fotolog (10 million)
- BookMate (3.8 million)
- Adult Friend Finder (3.8 million)
Sixty-five percent of people re-use the same password for multiple or all accounts, according to a 2019 security survey conducted by Google.
It’s easy to understand why – a 2015 study by Dashlane found that the average user has over 90 accounts that require a password.
Our team’s research into user behavior supports these findings.
In our survey from April 2020 we found that, out of 1,353 respondents:
- 45% of respondents did not consider password reuse to be serious
- 52% of respondents share their streaming site passwords
- 31% of respondents use the same password for streaming sites as they do for other “more sensitive” accounts, such as online banking
- 21% don’t know whether those who they share their passwords with share with other people
However, these attitudes and behaviors put your organization at risk.
“Password reuse is unfortunately common,” said Darren James, Product Specialist at Specops Software. “We see companies who think they’re protected because of strong password requirements but the truth is even a strong password that was reused on a breached site is a password that loses all of its value in protecting your network.”
Specops Breached Password Protection works together with Specops Password Policy so that companies can block all passwords found on the password list, making it easy to comply with industry regulations, like NIST or Cyber Essentials. The service blocks people from choosing banned passwords and informs as to why they cannot use the password.
Learn more about how Specops Breached Password Protection can help continuously protect Active Directory environments from leaked passwords.
About Specops Software
Specops Software is the leading provider of password management and authentication solutions. Specops protects your business data by blocking weak passwords and securing user authentication. With a complete portfolio of solutions natively integrated with Active Directory, Specops ensures sensitive data is stored on-premises and in your control. Every day thousands of organizations use Specops Software to protect business data.
Aimée Ravacon, Specops Software, +46846501241