TurboTax maker Intuit notified users that a number of users that their accounts had been hijacked. Though not a breach of Intuit’s own systems, this was a case of credential stuffing, in which hijackers used old login credentials to break into other accounts. This is a perfect example of the importance of password hygiene – including regularly creating new passwords and not reusing passwords across multiple accounts.
Below is commentary from LastPass CTO, Sandor Palfy, on the dangers of password reuse and best practices for online security.
Sandor Palfy, CTO at LastPass:
To mitigate this risk, one should use long, complex, ideally completely random passwords, that are unique to every service and website. Obviously, most humans would never be able to remember dozens of strong passwords, so this is where password managers, like LastPass, come to help.
Password managers make it very easy to create unique passwords for each online account, store them in a secure vault, and automatically fill them the next time you log in to these websites. Many people may not know but some password managers can also store your personal data like addresses, credit cards, passport information and automatically populate into online forms asking for this data.
Additionally, with password managers your passwords and sensitive information is synced across all devices, so you can access them from all your mobile devices and laptops, at work or from home. LastPass is one of the only password managers offering this for free.”