Reusing passwords is a bad idea
It's not some kind of "technical wizardry" that causes Dropbox users to be hacked, but weaksauce passwords and poor security habits, like using the same password on multiple sites. That's the gist of what Dropbox security boss Patrick Helm had to say at a briefing, according to V3, which was in attendance.
"On a daily basis it's very obvious that our customers and users are getting attacked, and the way they are being attacked isn't through technical wizardry," Helm said. "We don't see zero-day attacks targeting us. What we see is password testing because of password reuse."
Helm says he's seen a pattern of hackers attacking websites, stealing encrypted passwords, and then using those passwords to infiltrate accounts on other sites. According to Helm, many encrypted passwords can be quickly decrypted and then bulk tested against websites and cloud services like Dropbox.
The three-part solution Helm recommends should be old hat to Maximum PC readers. It involves:
- Avoid using the same password on multiple sites and services
- Use a password manager if you have a tough time remembering multiple passwords
- Take advantage of two-factor authentication wherever possible
"Quite frankly, if you do those three things you're in good shape as a consumer," Helm said.
It's one thing to preach it, but another for users on a mass scale to put good security measures to use. To help with that, Dropbox is currently working on ways to encourage users to go through a security health check.
Follow Paul on Google+, Twitter, and Facebook
From maximumpc
from http://bit.ly/1dyiCSd
