Thursday, June 8, 2023

Security Boulevard Logo

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming Webinars
    • Calendar View
    • On-Demand Webinars
  • Events
    • Upcoming Events
    • On-Demand Events
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
    • Techstrong.tv Podcast
    • TechstrongTV - Twitch
  • Library
  • Related Sites
    • Techstrong Group
    • Cloud Native Now
    • DevOps.com
    • Security Boulevard
    • Techstrong Research
    • Techstrong TV
    • Techstrong.tv Podcast
    • Techstrong.tv - Twitch
    • Devops Chat
    • DevOps Dozen
    • DevOps TV
  • Media Kit
  • About Us
  • Sponsor

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Hot Topics
  • Building resilient and secure systems - Lessons from Devoxx Poland
  • MOVEit! An Overview of CVE-2023-34362
  • New Research Shows Bot Attacks Are Surging
  • Less SmartScreen More Caffeine: (Ab)Using ClickOnce for Trusted Code Execution
  • Thoughts on The New 2023 OWASP API Security Top 10 Release
Security Bloggers Network 

Home » Security Bloggers Network » Microsoft Highlights The Risk of Stolen Passwords

SBN

Microsoft Highlights The Risk of Stolen Passwords

by Enzoic on December 12, 2019

Microsoft has just announced that a staggering 44 million accounts were vulnerable to account takeover due to the use of compromised or stolen passwords. This news comes on the back of the recent Disney+ launch, where password reuse resulted in cybercriminals taking over user accounts.

There is mounting evidence that despite repeated warnings, users are still flying blind, and companies are not taking enough action to prevent the use of exposed credentials, putting users’ data at risk.

Cloud Native Now

Why are compromised passwords a problem?

People’s desire for convenience drives then to use the same login details for multiple accounts. To put this in context, research from Google found that 65% of people reuse the same password for all or most of their accounts with another study finding that 62% of employees use the same password for their personal and work accounts.

A cybercriminal can simply obtain a password from a breach on one site, and then because of this password reuse, use that password to access that user’s accounts on other websites and systems. A study from Virginia Tech University found that 70% of users deployed an exposed password for different accounts up to a year after a leak. Even worse, 40% of people are reusing passwords, which were leaked over three years ago.

Companies and organizations must take action now

As cybercriminals become increasingly sophisticated, organizations must take steps to protect themselves and their users rather than hoping people will suddenly stop reusing passwords!

NIST password recommendations outline how organizations should verify that passwords are not compromised before they are activated and monitor those passwords on an ongoing basis. By checking passwords against a database of exposed or stolen passwords, organizations can significantly reduce the prevalence of compromised and stolen passwords. As the number of data breaches and compromised credentials expands continuously, checking passwords against a dynamic database rather than a static list is critical.

If a compromise is detected, it’s vital to institute an immediate, automated action. Automation allows organizations to customize the action such as a password reset to secure the account before additional damages can occur, or a prompt to the user to create a new password the next time they log in.

As we enter the next decade, companies must take action to protect themselves and ensure stolen passwords for their users aren’t putting their accounts at risk. At Enzoic, we provide a range of automated solutions that stop compromised logins or passwords from being used to activate accounts for users, customers, and employees. And, equally important, our products continuously screen to ensure that existing credentials have not been compromised.

Enzoic’s Active Directory tool would detect many of the exposed or stolen passwords in the 44 million accounts. It runs quietly in the background and only impacts users that are using bad, compromised, or stolen passwords.

It’s time for organizations to make a new year’s resolution to banish compromised credentials once and for all!

The post Microsoft Highlights The Risk of Stolen Passwords appeared first on Enzoic.


Recent Articles By Author
  • Twin to Win: Security Pros and Cons of Digital Twins
  • Making Password Management and Employee Productivity a Win-Win Situation
  • The Passwordless Hype: A Reality Check
More from Enzoic

*** This is a Security Bloggers Network syndicated blog from Enzoic authored by Enzoic. Read the original post at: https://www.enzoic.com/microsoft-stolen-passwords/

December 12, 2019December 12, 2019 Enzoic account takeover, Active Directory, all posts, exposed passwords, password reuse, stolen passwords
  • ← Exploring The Critical Components Of DevOps
  • China Finagles World Bank To Fund Surveillance In Xinjiang →

Techstrong TV – Live

Click full-screen to enable volume control
Watch latest episodes and shows

Upcoming Webinars

Thu 08

Simplify, Secure, Strengthen: Implementing Zero-Trust Across Your Endpoints

May 17 @ 1:00 pm - July 12 @ 2:00 pm
Thu 08

ActiveState Workshop: Building Secure and Reproducible Open Source Runtimes

June 8 @ 1:00 pm - 2:00 pm
Tue 13

Uncovering the Hidden Cybersecurity Threat in Your Organization

June 13 @ 1:00 pm - 2:00 pm
Wed 14

Enrich Security Investigations With ServiceNow Asset Data in Snowflake

June 14 @ 3:00 pm - July 24 @ 4:00 pm
Thu 15

Securing Containers & Kubernetes With AWS And Calico

June 15 @ 3:00 pm - 4:30 pm
Thu 22

Strange Bedfellows: Software, Security and the Law

June 22 @ 11:00 am - 12:00 pm
Thu 22

Sneak Peek: Cloud Security Prioritized With Sonrai

June 22 @ 1:00 pm - 2:00 pm
Thu 22

Unleash the Potential of Your Log and Event Data, Including AI’s Growing Impact

June 22 @ 3:00 pm - 4:00 pm
Jul 24

Identity and Access Management

July 24 @ 1:00 pm - 2:00 pm
Feb 12

Ransomware

February 12, 2024 @ 1:00 pm - 2:00 pm

More Webinars

Subscribe to our Newsletters

TSTV Podcast

Most Read on the Boulevard

Chrome Extensions Warning — Millions of Users Infected
When it Comes to Cybersecurity, Prepare, Protect, Deploy
Red Sift Taps GPT-4 to Better Identify Cybersecurity Threats
FireTail Report Finds API Security Breaches are few but Lethal
Should You Trust Cybersecurity Certifications?
Technical Analysis of Bandit Stealer
Strengthening The Canadian Financial Sector’s Cybersecurity
BSidesSF 2023 – Sanchay Jaipuriyar – Overwatch: A Serverless Approach To Orchestrating Your Security Automation
Killnet: Inside the World’s Most Prominent Pro-Kremlin Hacktivist Collective
Overview of Ransomware Solutions from Protection to Detection and Response

Download Free eBook

The State of Cloud Native Security 2020

Industry Spotlight

Dark Web Threats Target Energy Industry as Cybercrime Tactics Shift
Analytics & Intelligence Cybersecurity Governance, Risk & Compliance Industry Spotlight IoT & ICS Security Malware Security Boulevard (Original) Threat Intelligence 

Dark Web Threats Target Energy Industry as Cybercrime Tactics Shift

June 2, 2023 Nathan Eddy | Jun 02 0
‘Predator’ — Nasty Android Spyware Revealed
Analytics & Intelligence API Security Cyberlaw Cybersecurity Data Security Editorial Calendar Endpoint Featured Governance, Risk & Compliance Humor Incident Response Industry Spotlight Malware Mobile Security Most Read This Week Network Security News Popular Post Security Awareness Security Boulevard (Original) Security Operations Social Engineering Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

‘Predator’ — Nasty Android Spyware Revealed

May 30, 2023 Richi Jennings | May 30 0
Dell Launches Project Fort Zero Service to Accelerate Zero-Trust IT Shift
Cybersecurity Data Security Featured Governance, Risk & Compliance Incident Response Industry Spotlight News Security Boulevard (Original) Spotlight 

Dell Launches Project Fort Zero Service to Accelerate Zero-Trust IT Shift

May 23, 2023 Michael Vizard | May 23 0

Top Stories

Sysdig Extends Reach of CNAPP Via Agentless Edition of Falco
Application Security Cloud Security Cybersecurity Featured Network Security News Security Boulevard (Original) Spotlight 

Sysdig Extends Reach of CNAPP Via Agentless Edition of Falco

June 7, 2023 Michael Vizard | Yesterday 0
Netflix: Is Password-Sharing a Crime?
Application Security Cyberlaw Cybersecurity Data Security Featured Governance, Risk & Compliance News Popular Post Security Awareness Security Boulevard (Original) Spotlight 

Netflix: Is Password-Sharing a Crime?

June 7, 2023 Mark Rasch | Yesterday 0
Lacework Adds Ability to Manage and Secure Cloud Identities
Cloud Security Cybersecurity Featured Identity & Access Network Security News Security Boulevard (Original) Spotlight 

Lacework Adds Ability to Manage and Secure Cloud Identities

June 6, 2023 Michael Vizard | 1 day ago 0

Security Humor

Randall Munroe’s XKCD ‘Marble Run’

Randall Munroe’s XKCD ‘Marble Run’

Security Boulevard Logo White

DMCA

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: [email protected]

Useful Links

  • About
  • Media Kit
  • Sponsor Info
  • Copyright
  • TOS
  • DMCA Compliance Statement
  • Privacy Policy

Related Sites

  • Techstrong Group
  • Cloud Native Now
  • DevOps.com
  • Digital CxO
  • Techstrong Research
  • Techstrong TV
  • Techstrong.tv Podcast
  • DevOps Chat
  • DevOps Dozen
  • DevOps TV
Powered by Techstrong Group
Copyright © 2023 Techstrong Group Inc. All rights reserved.