This month, University Technology’s ([U]Tech) Information Security Office is marking Data Privacy Month by sharing information to help Case Western Reserve University community members keep their information private and secure.
The focus this week is on avoiding password reuse, which can
bring increased risk of being victimized in data breaches.
With the multiple log-ins we all do every day, it’s
understandable that a typical user tends to reuse login names and passwords
across multiple websites and services. However, an attacker could therefore use
login credentials from a user to exploit or steal information from many of the
The potential security risk is considerable. Last month, an
immense breach of user names and clear-text passwords was discovered
circulating in the cybercrime world: 773 million email accounts and 21 million
passwords. Some of these stolen credentials may even be those of CWRU users.
Here are three easy steps to keep CWRU accounts unaffected:
Never reuse any password to an online site, especially if your login ID is the same as your CWRU email address.
Check your email accounts for impact by entering them into the Have I Been Pwned? site to check if they have been compromised. [U]Tech recommends users try all of their email addresses, including FirstName.LastName@case.edu, firstname.lastname@example.org (CWRU Network ID), etc.
The LastPass utility works as a browser plug-in that will log into users’ selected sites, and ensure each online service has a different password. LastPass also includes an app for mobile device log-ins, and Duo Security two-factor authentication is an available and recommended option for LastPass.