Almost Half of Former Employees Say Their Passwords Still Work
It's not hacking if organizations fail to terminate password access after employees leave.
Password security helps prevent unauthorized access, while weak or reused credentials can expose accounts, systems, and sensitive data.
Search across headline titles and summaries.
Background for this topic.
Passwords are secret strings used to verify identity and control access to accounts, devices, applications, and services. They remain a common authentication method, but their security depends mainly on secrecy, length, and uniqueness rather than predictable complexity rules. A password reused across services can expose multiple accounts if one service is compromised; short, common, or previously leaked passwords are more susceptible to guessing and automated credential-stuffing attacks.
Practical defenses include using a password manager to generate and store a distinct, long password for each service, blocking known compromised passwords, and enabling multi-factor authentication (MFA) where available. Organizations should protect stored passwords with slow, salted one-way hashing, restrict and monitor authentication attempts, and provide secure recovery processes. Password changes are most useful after suspected compromise or exposure, rather than as routine changes that encourage predictable variations. Security teams should also treat password databases and reset mechanisms as sensitive assets during vulnerability assessment and incident response.
It's not hacking if organizations fail to terminate password access after employees leave.
Several domain names tied to Genesis Market, a bustling cybercrime store that sold access to passwords and other data stolen from millions of computers infected with malicious software, were seized by the Federal Bureau of Investigation (FBI) today. Sources tell KrebsOnsecurity the domain seizures coincided with "dozens" of arrests in the United States and abroad targeting those who allegedly operated the service, as well as suppliers who continuously fed Genesis Market with freshly-stolen data.
Privileged Access Management (PAM) solutions are regarded as the common practice to prevent identity threats to administrative accounts. In theory, the PAM concept makes absolute sense: place admin credentials in a vault, rotate their passwords, and closely monitor their sessions. However, the harsh reality is that the vast majority of PAM projects either become a years-long project, or even