The Far-Reaching Effects of Password Reuse
You probably already know that password reuse is dangerous. If you use the same password across all of your accounts, when one account is hacked, the rest are vulnerable. When a criminal steals username and password information, quite often their next step is to try the login information across a variety of websites.
Not All Security is Created Equal
Companies that store sensitive data do not all employ the same data protections. Your banking site likely has very strong security and encryption protecting its website, whereas a small e-commerce shop may not. If you share login information between these sites, you downgrade the security of all of your accounts to the lowest level, and you become an easier mark for cyber criminals.
Your Work Login and Password Reuse
Bed Bath & Beyond reported a data breach in October that compromised customers’ online accounts. While the company didn’t provide a lot of detail, it noted in an SEC filing that login information was acquired “from a source outside of the Company’s systems…” One security expert noted that the credentials may have been compromised because a Bed Bath & Beyond employee reused their employee login and password.
Remember that millions of username and password combinations are floating out on the web from past data breaches. In fact, one study found that over 21 million credentials were tied to Fortune 500 companies. If a criminal sees an email address that appears to be tied to a corporation, they are likely to head straight to the company’s login page to try their luck. If successful, they may gain access to sensitive company information, as they may have done in this hack.
Be Safe, Not Sorry
While we can’t be sure that password reuse was the cause of the data breach at Bed Bath & Beyond, it’s a definite possibility; if it didn’t happen here, it could happen somewhere else. Since none of us want to be the cause of a security incident at work, keep your work and personal online business separate: NEVER reuse your work credentials on any other site. Further, regardless of the password you choose, you should always use a personal email address to sign up for personal accounts.