Stephen Withers
Wednesday, 04 August 2010 12:32
It is a standard piece of advice that you shouldn't use the same password for multiple online services, especially those that are important to you. But it seems the message hasn't got through.
Security vendor BitDefender has found more than a quarter of a million email addresses, usernames and passwords circulating freely in online resources such as blogs, Google Docs, wikis, forums and torrents.
What makes it worse is that among the exposed Facebook, MySpace, Twitter and LinkedIn accounts, 75% used the same login credentials as the corresponding email account.
Given that most people don't change their passwords frequently - 87% of the accounts could be accessed using the exposed credentials - using the same password for multiple accounts increases the risk of broader compromise. If obtaining one password makes it easier to guess the login details for other accounts operated by the same individual, the bad guys get a head start.
As BitDefender officials point out, "The security implications are numerous: ranging from data theft, email and social networking account hijacking for spamming and malware dissemination purposes, to financial losses through fake credit card accounts opened by using stolen identities."
Many online services will send a password reminder or reset to the account holder's registered email address without any additional security checks.
So what should you do? Please read on.