A vibrant black market for passwords is indicative of the increasing sophistication of cybercriminals in stealing and selling passwords.
According to a Katie Petrillo, marketing programs manager of LogMeIn Access, the most appropriate response to this is for people to get smarter when it comes to cybersecurity.
Writing for LastPass recently, Ms. Petrillo explained that passwords, old and new, are obtained in numerous ways – cybercriminals have at their disposal various techniques for “infiltrating” online accounts.
This can be achieved through phishing attacks – which are on the rise – data breaches – increasingly commonplace – and brute force attacks.
“Even if your account doesn’t include access to cash or credit card numbers, it’s still extremely valuable and you don’t want it in the wrong hands.”
“Even if your account doesn’t include access to cash or credit card numbers, it’s still extremely valuable and you don’t want it in the wrong hands,” Ms. Petrillo goes on to say.
“It’s likely the account includes information that [an attacker] could use to access other accounts via a pretexting or phishing attack, such as family member’s names.”
Earlier this year, the LastPass Sharing Survey revealed that 81% of people share passwords that would put their identity or financial information at risk.
The poll also showed that sharing passwords is commonplace, with 95% of respondents admitting that they share up to six passwords with others.
While many are naturally concerned about how safe this practice is, passwords are nevertheless shared “because it’s convenient or necessary”.
“We try to share passwords with those we trust, but there's many reasons we need to share,” LastPass noted in an infographic.
“And we know sharing passwords can be risky. But bad password practices like reusing passwords and not changing them regularly can endanger our online security.”
Moving away from passwords altogether is one way in which people can boost security. It is recommended that passphrases be used instead. This is considered good password security.