Jan 05, 2021
A key tenet of the Omerta defence strategy is good password discipline combined with controlled password management. By discipline we mean creating a unique, complex & suitably long password for every website, application & device that we use, whilst "controlled password management" refers to the actual means used to track these passwords, store them and securely manage them.
Password security can be incredibly lax, and a study about passwords in 2019 found that 80% of data breaches stemmed from passwords being compromised. Bad actors will go to extraordinary lengths to get your password because, when you step back and look at all other security measures available, gaining a user's password is simply the most effective means to compromise someone.
During December 2020 it came to light that a huge state-sponsored data intrusion had occurred in the USA government. The hack spread & more than 425 of the Fortune 500 list of top companies were affected; all of the top 10 telecommunications companies were breached; all five branches of the military were compromised; and all of the top five accounting firms were affected. The damage achieved a depth & scope unlike anything seen before and we won't know for years how bad this has been.
So when a government agency is hacked & over 300 000 users' details are compromised, you'd think the attack was instigated by the cleverest of hackers; an IT guru straight out of the Matrix. A person who speaks binary & is fed nutrients via tubes directly into their brain because they are so jacked into technology.
But they weren't - how did Russia hack SolarWinds & expose 300 000 people in the USA? They got the password for the Government's security software (made by SolarWinds). The password? Have a guess.... solarwinds123
The damage caused will be unknown for a long time. The impact still may be huge. The damage done will be to the tune of millions & it's all because a person couldn't (or didn't) make time to manage passwords properly.
You can read about the story here - https://www.theguardian.com/technology/2020/dec/15/orion-hack-solar-winds-explained-us-treasury-commerce-department
And the follow-up here: https://www.theverge.com/2021/1/2/22210667/solarwinds-hack-worse-government-microsoft-cybersecurity
So remember: if you are serious about your security, make sure you treat your PIN/password with the utmost respect. Do not share it, ever. Hackers are more interested in phishing for a password they can use because it can provide unlimited potential. Don't help them; get involved in your security.