The Flash Blog

Read the Latest Articles

Password Prefix for Dark Web Protection

March 26, 2020

By

Supplied by our friend Vincent Guyaux at FCI. Vincent supports advisors’ cyber issues on a daily basis.

The Dark Web is a part of the internet hidden to most users and search engines. A 2019 study by Dr. Michael McGuires at the University of Surrey, shows that the number of Dark Web listings that could harm an enterprise has risen by 20% since 2016 and of all listings (excluding those selling drugs), 60% could potentially harm enterprises.

Problem

Hackers steal usernames and passwords and put them up for sale on the Dark Web in this format:

Username: myemail@mycompany.com / Password: Mypa********

They only show the first few letters of a password to convince a buyer they have the complete password. Tools are available to search a domain name on the Dark Web and report any usernames and passwords associated with it and for sale. Imagine the reaction of users when we show them a report with their email address and the first letters of the passwords they use everywhere!

Solution

Create your password using the first few letters of the system you are logging into followed by a series of characters unique to this specific password. So for LinkedIn:

Username: myemail@mycompany.com / Password: Link73Ark44!

If LinkedIn is compromised, your credentials may end up for sale on the Dark Web like this:

 

Username: myemail@mycompany.com / Password: Link********

On a Dark Web scan report, this will alert you to change your password on LinkedIn, without worrying about the integrity of other passwords I other systems.

And how do you remember all these unique passwords? By using a Password Manager software like LastPass or 1Password.

https://www.fcicyber.com