How Should You Protect Your Online Accounts? | CISOSHARE
  • Skip to the primary navigation.
  • Skip to the content.
  • Skip to the primary sidebar.

Stay Ahead of a Breach, Conduct a Tabletop Exercise Today - Call +1-800-203-3817

Schedule a Call

Leaders in Information Security Program Development
  • SERVICES

        • Security team reviewing an assessment

          Go Beyond an Assessment, Receive a Complete Roadmap.

          Schedule a Call

        • PROFESSIONAL SERVICES
          • Security Program Development
          • Program Assessment & Compliance
          • Security Advisory
          • Penetration Testing
        • MANAGED SERVICES
          • CISO Services
          • Managed Security Program
          • Risk Management Program
          • Third-Party Vendor Management
          • Vulnerability Management
          • Incident Management Program
  • COMPANY
        • WHO WE ARE
          • About Us
          • Our Approach
          • CISOSHARE Cares
        • WHAT ARE WE UP TO
          • News
          • Awards
          • CyberForward Academy
        • JOIN US
          • Careers

        • Security team reviewing an assessment

          Go Beyond a Security Program Assessment, Receive a Complete Roadmap

          Schedule a Call

  • RESOURCES
    • BLOG
    • DOWNLOADS
    • CASE STUDIES
    • PODCAST
  • CONTACT US
calendar icon

How to Protect your Online Accounts

Explore our Services

Categories

Explore Our Resources

  • All
  • Blog
  • Case Study
  • Download
  • Podcast
  • Video
protect your online accounts

Protecting Your Data on the Internet

Written by CISOSHARE

December 26, 2016

16 min read

Use Complex Passwords Across Multiple Websites and Applications

The majority of companies and websites have been breached. The most recent being Yahoo where over 1 billion accounts were compromised. These attacks result in accounts, and often passwords, being sold on the black market for reuse by criminals. If you use the same passwords across different accounts, you risk multiple personal accounts being compromised when one site is hacked. When your information is stolen (or bought) on the black market to access one site, it can then be used on another site where you may have used the same credentials.

The use of complex passwords is important because it takes longer for an attacker to decrypt or compromise. Most often passwords are stored in an encrypted manner, so when the information is acquired it must then be decrypted. The longer and more complex the password, the longer this process takes. If I am an attacker and I recently purchased or acquired a large number of passwords, I am going to go with the ones that crack first. Chances are these are the people that also use the same passwords across multiple sites.

Finally, the Yahoo breach was extremely troublesome because of password reset functionality on most sites. For example, if you had a Yahoo email address and used that email address for other websites as your username or primary contact method, this enables an attacker to use reset password functionality to have a reset link sent to the compromised account they control.

Tips For a Healthy and Secure Account Management Habits

1. Assess the websites and applications you visit (and those on your phone) in which you have a username and password.

On any sites where you use the same passwords, be sure to change the password so you have a unique password for each site.

Ensure you use complex passwords that are unique per site for each website you have an account with.

Whenever possible, try to use your cell phone as an authentication measure for password resets or changes instead of a primary or secondary email address. This technique, which is becoming more common on many sites, can greatly enhance the security of your accounts by adding another layer of authentication.

2. The tasks identified above can be simplified by using a password manager. These solutions install applications on your phone and as add-ins in the browsers that manage account access for surfing the Internet. These solutions can:

  • Automatically inventory all the applications in which you have accounts and measure the strength of your passwords.
  • Create new complex passwords for you whenever you need them.
  • Manage the logins to all your websites in an automated fashion.

3. Below are some links to password management related articles that talk about various password managers. I personally like and use LastPass for password management. However, as you read about LastPass you may see some bad press as it was a hacked a while back. It might seem unbelievable that I would still recommend it, but keep in mind that in my travels almost all companies, websites, and applications have been hacked, so I do not use this as a limiter in my selection process if there is good functionality.

Here are the links:

  • http://bestfreekeys.com/best-password-manager/
  • http://www.csoonline.com/article/2877613/identity-access/top-password-managers-compared.html

4. Need more help or have questions? Send me an email at mike.gentile@cisoshare.com or @mikegentile03 and either myself or someone from my team will help you.

Start your 2021 security projects early.

Explore Our Service
  • Previous Page
  • Next Page
Sign Up

Keep up with the latest and learn about information security programs from the experts.

By clicking Subscribe, I agree to the use of my personal data in accordance with CISOSHARE Privacy Policy. CISOSHARE will not sell, trade, lease, or rent your personal data to third parties.

Recent Posts
  • Considerations for Small Business Cyber Security March 24, 2022
  • A Guide to Building a Proactive Incident and Ransomware Program August 5, 2021
  • Ransomware Prevention Best Practices June 24, 2021
  • Find a Trusted Cybersecurity Provider: Avoid Fear and Make Progress Forward June 18, 2021
  • How to Make Sure You’re Prepared for a Ransomware Attack June 7, 2021
  • Cyber Security Basics: Development Methodology June 7, 2021

Latest Insights

Blog

Considerations for Small Business Cyber Security

Read Now

Podcast

A Guide to Building a Proactive Incident and Ransomware Program

Listen Now

Download

Download Your Ransomware Prevention Checklist

Download Now

Effective Security Doesn’t Have to be Complicated

Protect what matters most to your team in a way that makes sense.

Contact Us

Company
  • CISOSHARE Cares
  • Career
  • Support
Services
  • Managed Services
  • Professional Services
  • People Resources
Our Locations

San Clemente HQ
1315 N. El Camino Real
San Clemente, CA 92672
+1-800-203-3817

Stay Connected
  • CISOSHARE Linkedin
  • CISOSHARE Facebook
  • CISOSHARE Instagram
  • CISOSHARE Twitter
  • Privacy Policy
  • Terms of Use
  • Legal
  • Sitemap
© 2023

CISOSHARE. All rights reserved.

  • Manage Security For Me
    • CISO + Team
    • Managed Security Program
    • Prepare for Incidents
    • Assess & Secure Vendors
  • A La Carte Security
    • Security Policy Development
    • Security Assessment
    • Security Architecture
    • Pen Testing
  • Company
    • About Us
    • Our Approach
    • Awards
    • News
    • CyberForward Academy
  • Resources
  • Contact Us
We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies.
Do not sell my personal information.
Cookie SettingsAccept
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checkbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT