It’s not easy!
It’s a lot to keep track of.
I have no idea where I’ve used that before.
There’s nothing in there that anyone would want.
You want me to go back and change ALL of my accounts?
These are all responses users give when told that their passwords need to be changed and updated because their credentials have been breached. And quite honestly, none of them justify the lack of action that usually follows.
According to a recent Google study, 25% of users ignore a breached password alert. That’s a whole lot of people working to give hackers job security. Data breaches are now commonplace. Rarely a day goes by without news of one in the headlines, or at least somewhere within the pages of the news, since a breach is no longer attention-grabbing. Because breaches have been normalized, we’ve learned to ignore the alerts. Like a car alarm in a crowded parking lot, we hear it, we look around, but we rarely do anything in response.
So, as IT professionals, our response to those users needs to be that YES, you do need to go back and change all of your passwords, and YES, you do need to take the time to keep better track of those credentials.
And if they need more justification, explain that they may be OK with their own data being stolen, but their actions affect more than just themselves at this point. One set of account credentials can be enough for a hacker to get into an entire business database and bring that establishment to its knees. So yes, I don’t care if it isn’t easy; it’s necessary. And it is critical to too many people that you respond and take action.
Bottom line, password management needs to be as important as protecting your accounts in the first place.