Welcome to #WeekendWisdom number 90. This week we’re going to talk about poor passwords and MFA.
Where is this coming from?
I met somebody earlier this week who had been in one of my training sessions earlier this year. They had been going on about the changes they had made as a result of that training course. The main one he was delighted with was the use of an authenticator app for multi-factor authentication or two-factor authentication.
He had put this on many of his accounts and he was delighted with it. Because when he had checked his email addresses on www.HaveIBeenPwned.com he found that he had been in a number of data breaches and that his passwords had been exposed in those data breaches. So he made absolutely certain to put multi-factor authentication on those accounts.
That sounds like a good course of action
Then I asked him, “And you changed your passwords, right?”
He said “No. No. I can never remember … I always forget my passwords when I change them. So I use the same password all the time. But now the accounts are fully protected sure with the MFA.”
What is wrong with that?
But I was explaining to him that if he continued to use the same password, one that has been included in a data breach, then this is going to be in the public domain and criminals are going to be using that password to try to break into any other accounts that he might have that he might not have protected with MFA.
So poor passwords and MFA is not a good idea
So really he needed to go and make an investment and get himself a password manager. I reiterated that, and I will always keep saying it: you should use a password manager to generate unique, long, strong passwords for every single account that you have online. Let the password manager remember them. That’s its job.
So that’s it for this week. Let’s be careful out there and we’ll talk to you again next week.
How can L2 Cyber Security help you?
We offer a full range of training programmes, which can be delivered online or in-person*.
L2 Cyber Security are also a partner of CyberRiskAware for online self-directed Cyber Security Awareness training and Phishing testing.
Contact us for more information at info@L2CyberSecurity.com.
*With appropriate social distancing and other health and safety measures adhered to.