The Reach of a Breach: Data Breaches and Password Lists

Now, what I neglected to mention was that this data was collected freely online from data breaches over a number of years. The main database, which thankfully remains unreleased, contains over six million unique username (email) and password combinations.

There are roughly 2.5 billion people using email worldwide. If we arbitrarily assume that 50% of them also have a work email address, that gives about 3.75 billion email accounts in active use.

Remember those 6 million unique username and password combinations? Treated as a random sample of the world's accounts, they account for 0.16% of all active email accounts. That means each individual user on your network has about 1 in 625 odds that their email and password credentials appear in this one dataset alone. To put that in perspective, a single user is about ten times less likely to die in a car crash than to be affected by the breaches that produced this dataset. Bear in mind that this is a back-of-the-envelope figure: breach data is not spread evenly across users, and this dataset is only one of many in circulation.

Let's look a little closer at this though. New data breaches seem to occur a couple of times a week. Over time, everyone's personal information, such as email addresses, passwords and phone numbers, becomes more and more likely to have been leaked somewhere, and trust me, the reach of a breach of your institution is quite far indeed.

Knowing this, what can you do to protect your network?

Well, there are two things really. The first is implementing a stronger and more dynamic password policy that rejects weak passwords, in particular passwords that already appear in breach dumps like the one described above. The second is expiring passwords frequently, although note that current NIST guidance (SP 800-63B) recommends against forcing periodic changes, since it pushes users toward predictable variations of the password they already had. That's a lot of work though and, as I always say, you should "work smart, not hard".
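As an added example (not code from the original post, and not the author's dataset), here is how a password policy can screen a candidate password against a breach corpus without ever sending the password itself. It hashes the password with SHA-1, looks up only the first five hex characters of the hash in a range index (the k-anonymity layout used by the Pwned Passwords service), and compares the remaining suffix locally. The breach list, the `fetch_range` stand-in for the remote lookup, and the `stem` heuristic for catching "Password2021!!"-style variants are all assumptions of this example.

```python
import hashlib
import re
from collections import defaultdict

# Constructed sample of breached passwords (hypothetical; a real deployment
# would load a full corpus or query the k-anonymity range API instead).
SAMPLE_BREACHED = ["password", "123456", "qwerty", "letmein", "Summer2019!", "Welcome1"]


def sha1_upper(password: str) -> str:
    """Uppercase hex SHA-1, the representation used by the Pwned Passwords list."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_range_index(passwords):
    """Index hashes by their first five hex characters, mirroring the
    k-anonymity layout: a client only ever reveals that 5-char prefix."""
    index = defaultdict(set)
    for p in passwords:
        h = sha1_upper(p)
        index[h[:5]].add(h[5:])
    return index


RANGE_INDEX = build_range_index(SAMPLE_BREACHED)


def fetch_range(prefix: str):
    """Stand-in for the remote range lookup (hypothetical; served offline here).
    Returns every known hash suffix sharing this prefix."""
    return RANGE_INDEX.get(prefix, set())


def is_breached(password: str) -> bool:
    """True if the password's full SHA-1 is present in the breach corpus.
    Only the prefix leaves the client; the suffix comparison is local."""
    h = sha1_upper(password)
    return h[5:] in fetch_range(h[:5])


def stem(password: str) -> str:
    """Strip the trailing digits/symbols users bolt on to satisfy rotation
    rules ('Summer2019!' -> 'summer') so near-variants of breached passwords
    are also caught. This heuristic is an assumption of this example."""
    return re.sub(r"[\d\W_]+$", "", password).lower()


def check_password(username: str, password: str, min_length: int = 12):
    """Return the list of policy violations; an empty list means accepted."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    local_part = username.split("@")[0].lower()
    if local_part and local_part in password.lower():
        problems.append("contains the username")
    if is_breached(password):
        problems.append("appears in a known breach")
    elif stem(password) and is_breached(stem(password)):
        problems.append("is a trivial variant of a breached password")
    return problems


if __name__ == "__main__":
    # Constructed sample logins to exercise the policy.
    for user, pw in [("alice@example.com", "Summer2019!"),
                     ("alice@example.com", "Password2021!!"),
                     ("bob@example.com", "correct horse battery staple")]:
        print(f"{user}: {check_password(user, pw) or 'OK'}")
```

The prefix lookup is what makes this safe to run against a third-party service: the server learns a 5-character hash prefix shared by hundreds of passwords, never the password or its full hash. The `stem` check is deliberately conservative; it only flags a variant when the stripped, lowercased base is itself in the corpus.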

A better solution is to implement a robust system that provides and automates password management, single sign-on and multi-factor authentication, so that a leaked password on its own is no longer enough to get into an account.

