Password importance and Comcast's lesson

Posted by Darren Crane on Mar 5, 2019, 4:35:04 AM

Recently it was revealed that Comcast, on their Xfinity mobile platform, used a default PIN of "0000" on all accounts to restrict the porting of phone numbers.  Once this was made known, customers were having their numbers stolen - or ported - to other carriers without their permission.

Comcast fixed the issue by adding additional required information to port a number.

However regarding the actual customers effected they cited password reuse as a suspected reason for the incidents.  Password reuse allows bad actors to easily access your other accounts where you've used the same password!   In this case, allowing the same fraudsters to easily access your Xfinity account to get your address, account number, and other information - giving them everything needed to port your number away without your permission.

The same could happen with any other service where you have used the same password.  This is not limited to any one service provider or company.

The Solution?

Use of a Password Manager to track all passwords and ensure that they are unique for each and every site is the current mainstream recommendation.

[ The full article on this can be read here:  Comcast Mobile: default PIN 0000 and password reuse ]

So what about Password Managers?

We love them.  We believe everyone should use one.

They allow you to not only store securely all of your passwords in one place, but they also allow you to create computer-generated randomized passwords that are unique to each site!  This is critical for security in today's climate.

The machine generated feature cannot be understated.  Humans will tend to be lazy and make a base password and use a formula to derive a unique password.  Like making your password Holly555TARGET for Target's website, and Holly555TD for your TD Bank login.  Criminals are smart and will figure this out in a second.

In addition, multi-factor authentication is a great way to further secure each site.  This requires you to enter not only your password, but also a constantly changing code from an app on your phone like Google's Authenticator, or from a text message you receive in real-time.

Password managers can also store and maintain those multi-factor authentication codes, eliminating the need for a separate app or text message!  Making all this security rather easy.

What do we recommend?

We have had great success with 1Password.  And, being that we support Macs, PCs, iOS, and Android alike - love the fact that their product family spans all those devices.  I have it installed on everything I own, with a complicated set of passwords to secure it all.
{Note: we aren't paid for this endorsement... it is a genuine success story}

What is your favorite password management strategy?

Tell me about your favorite password management product via twitter  

 

Topics: cybersecurity, news, passwords

CraneOnTech Logo

We invite you to be a part of the conversation!

Be sure to :

  • interact and respond to our posts
  • drop us a line
  • subscribe below so you are notified as new content is created

Subscribe Here!

Recent Posts