This month, University Technology’s ([U]Tech) Information Security Office is marking Data Privacy Month by sharing information to help Case Western Reserve University community members keep their information private and secure.
The focus this week is on avoiding password reuse, which can bring increased risk of being victimized in data breaches.
With the multiple log-ins we all do every day, it’s understandable that a typical user tends to reuse login names and passwords across multiple websites and services. However, an attacker could therefore use login credentials from a user to exploit or steal information from many of the user’s accounts.
The potential security risk is considerable. Last month, an immense breach of user names and clear-text passwords was discovered circulating in the cybercrime world: 773 million email accounts and 21 million passwords. Some of these stolen credentials may even be those of CWRU users.
Here are three easy steps to keep CWRU accounts unaffected:
- Never reuse any password to an online site, especially if your login ID is the same as your CWRU email address.
- Check your email accounts for impact by entering them into the Have I Been Pwned? site to check if they have been compromised. [U]Tech recommends users try all of their email addresses, including FirstName.LastName@case.edu, firstname.lastname@example.org (CWRU Network ID), etc.
- Download and use the CWRU-provided LastPass password management software from the [U]Tech Software Center.
The LastPass utility works as a browser plug-in that will log into users’ selected sites, and ensure each online service has a different password. LastPass also includes an app for mobile device log-ins, and Duo Security two-factor authentication is an available and recommended option for LastPass.