19
Overheard a sysadmin at a coffee shop in Denver say most ransomware comes from people reusing passwords at work
He said one reused password on a breach list can domino through an entire company network, which made me audit my own login accounts across 12 different sites last night. Has anyone else found a good way to track which passwords are actually unique?
2 comments
sam_harris686d ago Most Upvoted
Man that "domino through an entire company network" part hit home. I had a buddy at a startup in Boulder who thought he was being clever using the same basic password for like 15 different sites. He had this old Twitter account from college that got breached and someone got his email and password combo from it, then tried it on his work's VPN and it worked. They got into their whole Google Workspace and locked everyone out for two days. He switched to using a physical password book after that, just a little notebook he keeps in his desk drawer.
10
ivancoleman 5d ago
And that's the thing about passwords, people think they're being careful but one slip-up and you're toast. A password book seems old school but honestly it's safer than typing it all into some app that could leak. Sometimes the dumb simple way is the smart way.
8
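One way to answer the original question about tracking which passwords are actually unique, as an added example that is not part of the thread: group your own logins by identical password and by the "same basic password" pattern described above (same word, different casing or trailing digits). The function names and the sample entries are constructed for illustration; passwords are compared through a per-run keyed hash so no plaintext ends up in the report.

```python
import hashlib, hmac, re, secrets
from collections import defaultdict

# Ephemeral key: fingerprints are only comparable within this run and are
# useless to anyone who later finds them in a log or report.
_RUN_KEY = secrets.token_bytes(32)

def _fingerprint(text: str) -> str:
    return hmac.new(_RUN_KEY, text.encode("utf-8"), hashlib.sha256).hexdigest()

def _base_form(password: str) -> str:
    """Collapse trivial variations: letter case and trailing digits/symbols."""
    return re.sub(r"[\W\d_]+$", "", password.lower())

def audit_reuse(entries):
    """entries: iterable of (site, password) pairs.
    Returns (exact, variants): site groups sharing an identical password,
    and site groups sharing one base word with different suffixes/casing."""
    exact, base = defaultdict(set), defaultdict(set)
    for site, password in entries:
        exact[_fingerprint(password)].add(site)
        stem = _base_form(password)
        if len(stem) >= 4:  # ignore stems too short to mean anything
            base[_fingerprint("base:" + stem)].add(site)
    exact_groups = sorted(sorted(s) for s in exact.values() if len(s) > 1)
    exact_sets = [set(g) for g in exact_groups]
    variant_groups = sorted(sorted(s) for s in base.values()
                            if len(s) > 1 and s not in exact_sets)
    return exact_groups, variant_groups

def unique_sites(entries):
    """Sites whose password is neither reused nor a variant of another."""
    entries = list(entries)
    exact, variants = audit_reuse(entries)
    flagged = {site for group in exact + variants for site in group}
    return sorted({site for site, _ in entries} - flagged)

# Constructed sample data, not real credentials.
SAMPLE = [
    ("old-social", "Bronco2015"),
    ("work-vpn", "Bronco2015"),
    ("webmail", "bronco2019!"),
    ("bank", "v7#Lq9!tRz2w"),
    ("forum", "correct horse battery"),
]

if __name__ == "__main__":
    print(audit_reuse(SAMPLE), unique_sites(SAMPLE))
```

The variant check matters because a password that differs only by a year or a trailing symbol is easy to guess once one copy appears in a breach list.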