TurboTax maker Intuit notified a number of users that their accounts had been hijacked. Though not a breach of Intuit’s own systems, this was a case of credential stuffing, in which hijackers used old login credentials to break into other accounts. This is a perfect example of the importance of password hygiene, including regularly creating new passwords and not reusing passwords across multiple accounts.
Below is commentary from LastPass CTO, Sandor Palfy, on the dangers of password reuse and best practices for online security.
Sandor Palfy, CTO at LastPass:
“Passwords play a huge part in one’s overall security, but people continue to neglect basic best practices. Some of the most common ways people are leaving themselves vulnerable online are by using weak, easy-to-crack passwords, and then using those same passwords on many of their other online accounts. Attackers who have successfully breached website X and stolen the credentials of its user base will then take those passwords and try to use them on other, more valuable sites, such as online banking. If you used the same password that was stolen from website X, then you are at risk of losing your money.
To mitigate this risk, one should use long, complex, ideally completely random passwords that are unique to every service and website. Obviously, most humans would never be able to remember dozens of strong passwords, so this is where password managers, like LastPass, come to help.
Password managers make it very easy to create unique passwords for each online account, store them in a secure vault, and automatically fill them the next time you log in to these websites. Many people may not know, but some password managers can also store your personal data like addresses, credit cards, and passport information and automatically populate it into online forms asking for this data.
Additionally, with password managers your passwords and sensitive information are synced across all devices, so you can access them from all your mobile devices and laptops, at work or from home. LastPass is one of the only password managers offering this for free.”