Brandyn Murtagh, a recognized ethical “white hat” hacker, has raised concerns about the ongoing exploitation of password variations by cybercriminals. Murtagh, with his years of experience in the world of cybersecurity, makes a key observation. He adds that information acquired through data breaches has long been available on the web anyway. His message is that people should know about possible security threats before they find out someone has hacked their account.
Murtagh’s revelations underscore how widespread the practice is of reusing passwords between sites. Sometimes just a full stop or an exclamation mark is enough to create a new logo. It’s unlikely that an individual is going to be targeted specifically. Typically, you are part of a cohort of thousands that have made the cut and are under consideration. These processes are scalable just as they would be in the private sector,” he said. His observations are a call for all of us to be more vigilant about password security.
The Scope of the Problem
As Murtagh points out, the spread of these data breaches have left a deep and wide pool of stolen user data. He points to platforms like DropBox and Tumblr as prime examples of places from which hackers have stolen sensitive data. For public health advocates, this trend is alarming. Cybercriminals must be thrilled by people’s reuse of password derivatives, making people more susceptible to credential stuffing attacks.
According to Murtagh, the first indication there’s a problem is when a user discovers someone was able to log into their account without authorization. This unauthorized access creates new, heightened concerns for the user. This can be a jarring and shocking wake-up call, particularly when their sensitive personal or financial information is involved. He argues that the onus is on people to have stronger passwords in order to avoid these dangers.
Recommendations for Enhanced Security
To combat the increasing threat posed by cybercriminals, Murtagh strongly advocates for the implementation of two-factor authentication (2FA) or multi-factor authentication (MFA). Collectively, these new security measures take critical steps to better protect those in and around schools. They need users to authenticate their identity via several steps before they can even log into their accounts.
Murtagh explained that with 2FA or MFA, it requires two steps to sign into a website. This method greatly increases the likelihood of preventing access by the public without authorizations. He urges users to take proactive measures, emphasizing that these practices are not only beneficial but necessary in today’s digital landscape.