We have to log in to apps and services constantly, and that means a large number of passwords, whether for your workstation, laptop, phone, social network, or software at work. In fact, research indicates that the average person has up to 35 unique logins that they need to remember.
When you sign up with a site, program, or any other type of service, you are often sent a welcome email with your username and password to sign in to your account. You trust them with your personal information whenever you sign up for a site. At the very least, they have access to your email address, and perhaps a lot more, including your password.
Nearly 50% of people forget their password and have to request and get new ones through email. If you click on “Forgot Password” and they send it to you via email, it is certainly insecure. They wouldn’t have been able to do this if the email had been encrypted. Instead, you should have to verify that the account is yours and then fully reset your password.
When you send passwords via email in plain text, you risk the security of your account. If the email is intercepted by a third party, retrieving the password from it is trivial. It does not matter how obscure and unpredictable your password is. It can be read by anyone with access to your account as easily as you read it.
What to do?
Sending passwords over plain-text email is extremely dangerous, and Fortknoxster strongly advises against this practice. Instead, use the secure sharing functionality of Fortknoxster and avoid any exposure of your passwords.
Your email is also held on many systems or servers on its way to you. It will be stored in the sent mail of the account it comes from, on your own email server, and on any other systems or servers through which it passes.
Many sites use a hash function, which converts the password into a string of characters. If a hacker gets in, they see only these random-looking characters. However, it is a flawed approach, since it produces the same hash each time you enter your password.
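An added example (not from the original article) of the weakness described above: a bare hash gives the same output for the same password, while a per-user random salt with a slow key-derivation function does not. PBKDF2-HMAC-SHA256, the iteration count, the helper names and the sample accounts are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256


def unsalted_hash(password):
    """The weak scheme: a bare digest, identical for identical passwords."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_hash(password, salt=None):
    """Per-user random salt plus a slow KDF; returns (salt, derived_key)."""
    if salt is None:
        salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, key


def verify(password, salt, expected_key):
    """Re-derive with the stored salt and compare in constant time."""
    _, key = salted_hash(password, salt)
    return hmac.compare_digest(key, expected_key)


def shared_password_groups(table):
    """Audit a credential table: users whose stored values are identical."""
    groups = {}
    for user, stored in table.items():
        groups.setdefault(stored, []).append(user)
    return sorted(sorted(users) for users in groups.values() if len(users) > 1)


# Constructed sample accounts: alice and bob chose the same password.
ACCOUNTS = {"alice": "Tr0ub4dor&3", "bob": "Tr0ub4dor&3", "carol": "correct horse"}


def build_tables():
    """Store the same accounts under the weak and the salted scheme."""
    weak = {user: unsalted_hash(pw) for user, pw in ACCOUNTS.items()}
    strong = {user: salted_hash(pw) for user, pw in ACCOUNTS.items()}
    return weak, strong


if __name__ == "__main__":
    weak, strong = build_tables()
    print("unsalted, identical entries:", shared_password_groups(weak))
    print("salted, identical entries:  ", shared_password_groups(strong))
    salt, key = strong["alice"]
    print("alice login still verifies: ", verify("Tr0ub4dor&3", salt, key))
```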
Also, your email is mostly saved in plain text locally on your desktop or workstation. If it were to get into the wrong hands, the passwords would be open to criminals. If either of those systems is compromised, your password will be exposed to hackers.
Deleting emails does not necessarily mean that they are permanently gone. They can linger in trash folders or elsewhere. If your email account password is compromised, bad actors can access all the passwords sent to you simply by requesting password resets.
Most users appear to use similar passwords across different accounts. A staggering 40% of people use the same passwords for their personal and work accounts, according to the 2020 Global Password Protection Survey.
These statistics confirm the severity of the password reuse problem, and organizations need to take steps to minimize the ensuing risk. Password reuse is so common that once a password leaks via email, your other accounts will get compromised by third parties.
What to do?
It is understandable to reuse a password, but ensure that passwords are not in plain text when sent via email. Organizations must make good password hygiene a priority in their security posture. Every user, system, application, service, router, switch, and IP camera should be given a unique, strong password.
Data breaches have exposed over 4.1 billion documents, and leaked passwords are responsible for 81 percent of hacking-related breaches, according to the 2020 Verizon Data Breach Incident Study.
On average, companies lose $4 million per year due to credential stuffing attacks, which are carried out via email using leaked and exposed passwords and credentials. Organizations cannot continue to neglect this growing issue and must take measures to mitigate the risks of bad password hygiene.
In conclusion, non-encrypted emails are not safe. They are vulnerable to hacking. Even if the website does not store your details as plain text, it is not safe for it to send you a message containing those details.
Share passwords online securely using Fortknoxster. Request your FREE 7-day trial, NO CREDIT CARD NEEDED.