<img height="1" width="1" style="display:none;" alt="" src="https://dc.ads.linkedin.com/collect/?pid=156961&amp;fmt=gif">
Sometimes, sharing is not caring.jpg

Sometimes, sharing is not caring

Guest blog by ID Agent

According to a study led by the UK Government’s Cyber Aware campaign, over a quarter of Brits of all ages use the same passwords across multiple accounts. This practice is extremely detrimental to the security of one’s online identity and can be even more dangerous if someone who has bad password habits works at your company.

Take Effie for example - she works at your company and is a well-rounded, productive, and vital employee. Effie is also a bit of a social butterfly and enjoys talking to people on her favorite forum. The password that she uses on her favorite forum site is also the password she uses for her work email, which is where problems begin to arise. If the forum site is compromised, a hacker could buy Effie’s email and password on the Dark Web, link Effie’s email to her identity, and then use that password to get into her work email. At that point, it’s as easy as sending another employee a document hiding malware from her email, which is trusted and unsuspicious to everyone else in the company (and possibly Effie herself).

This bad situation is made even worse if staff use the same credentials.

Effie, being the social butterfly that she is, has a friend Mallory that is going to South America on vacation. Because she doesn’t want to buy a bunch of mobile data in a foreign land, Mallory asks Effie to check in on her email every now and then and sends over her password via email. That makes two legitimate, unsuspicious company emails now compromised.

Sharing credentials makes it harder to locate the entry point of a malicious programme and can add to the spread of the programme, often without anyone’s knowledge. Another major point of failure caused by sharing credentials is when employees leave the company or want to cause the company harm. A familiar story is hearing of a disgruntled employee leaking sensitive company information or using services licensed by the company after their employment is terminated. Credential sharing can make it harder for investigators to locate who leaked information and can make it difficult to spot someone who hasn’t worked at the company in 10 years who is still using the company’s stock photo downloads.

The fact that people reuse passwords is not surprising, as the average adult has over 25 active online accounts according to research conducted by Forrester. Plus 61% of those surveyed by popular password manager, LastPass, are more likely to share work passwords than personal passwords. While one may think that people would not send their password to someone over email, 79% of Brits have sent bank details, copies of passports and other sensitive information over messaging systems according to a government survey, so the idea is far from far-fetched.

Here are the top 7 ways to avoid your credentials being leaked:

  1. Don’t reuse passwords. Don’t even use variations of the same password.
  2. Don’t share passwords with others, as this increases the chances of your credentials being leaked significantly.
  3. Create strong passwords No password1 or admin.Try and make a password that you can remember, but that is unique and seemingly random.
  4. Monitor the Dark Web for your employee’s credentials.
  5. Don’t use public Wi-Fi if you don’t want your data to be public.
  6. Keep yourself updated on the latest breaches. If a service you use leaks passwords or even emails, it’s time to switch up your passwords.
  7. Use two factor authentication when it is available.
Leaks DO happen though. That is why it is important to have monitoring services in place so that once a breach happens, you know immediately.

ID Agent offers both Dark Web monitoring services through Dark Web ID™, as well as comprehensive identity theft and credit monitoring solutions provided by Spotlight ID™. Credential sharing and poor password hygiene is a problem that a business could face without even knowing it. Don’t let a compromised email account within your company go unnoticed until it’s too late.

Mirus partner with ID Agent to deliver dark web monitoring, we will even offer you a FREE INTIAL SCAN, with a follow up report to let you know if there are potential problems in your defences.


The three pillars of Mirus are:

Delivering outstanding service.
Offering strategically successful solutions.
Providing consistent customer satisfaction.