Reusing passwords leads to significant endpoint security risk

by Charles Leaver

December 10, 2013


Organizations that do not utilize best practices for information security put themselves at increased risk for data leakage. While these strategies include encryption and endpoint data protection software, individuals can also enhance their security by using different passwords, noted a recent industry study.

The report was a worldwide survey of more than 10,000 users compiled by industry security experts. The information collected showed that around 60 percent of individuals reuse passwords. The same login credentials are utilized for an average of 49 websites by the typical user, according to the survey.

This can present a serious endpoint security risk, especially if the pass codes being reused are those that protect enterprise databases or other business networks. If a hacker is able to figure out the password used on one site, they now have the ability to open that and every other resource which the user has protected with the same code.

Social networking passwords pose a threat
The report showed that more often than not, these passwords stem from social networking sites. Because users are on these sites fairly often, this code becomes one that is easily remembered and therefore utilized for other purposes.

"The problem with the breach is not that your Living Social password got out there on the web," said security expert Nishant Mani. "It's that the same password, along with the same login ID, which most people seem to use on many sites, is now out there."

This risk is heightened when users utilize the "Keep Me Logged In" feature available on several social media sites, stated Network World. When users choose this time-saving measure, a cookie is stored on the device, and that cookie could later be leveraged by cybercriminals.

"Malware can harvest that cookie from you and send it to an attacker who can use it to impersonate you," security expert James Fenton told Network World.

A variety of portals now offer the "Keep Me Logged In" feature, including email and other platforms. Furthermore, anyone who has access to the device is able to connect with the site, giving them the ability to steal or snoop on any personal information on the page. This means any sensitive data stored on the site could potentially be at risk of data leakage.

To prevent this, users should utilize different passwords to guard their different endpoints. No two websites, databases or other resources should have the same password. Experts also advise that if this information must be stored somewhere, it should be written down and kept in a physical location as opposed to being placed in a device. In this way, if the device is compromised, the passwords remain protected.