Amazon Implements Password Reset after Credentials Leaked Online

Illustrating an abundance of caution that will stand its users in good stead, Amazon has sent out password reset emails after "a list of addresses and passwords" was leaked online.

Those emails and passwords were not, mind you, taken from an Amazon database. But the company said that because password re-use is rampant, it wanted to take the opportunity to prompt its customers to protect themselves.

In the statement to affected customers, as reported by Gadgets360, the company explained the situation:

“At Amazon we take your security and privacy very seriously. As part of our routine monitoring, we discovered a list of email addresses and passwords posted online. While the list was not Amazon-related, we know that many customers reuse their passwords on multiple websites. Since we believe your email addresses and passwords were on the list, we have assigned a temporary password to your account out of an abundance of caution… We recommend that you choose a password that you have never used with any website.”

The company’s responsible efforts are entirely warranted. SailPoint’s recent Market Pulse Survey, for instance, highlighted that poor password hygiene continues to plague businesses, with 65% of users admitting to having a single password for all applications.

Of course, proper password hygiene brings with it ease-of-use obstacles. Passwords should be long strings of random letters and numbers, with a mix of lowercase and uppercase characters. And, every account should have a different one.

Darran Rolls, CTO at SailPoint, advises: “The longer and more complex the password, the safer it will be. Ironically, writing down your long passwords on a yellow sticky note is better than using short ones. What’s more, 12 characters should be the minimum. Avoid using dictionary words unless as part of a complex passphrase, and add special and mixed case characters wherever you can.”

That’s not to say that the Post-It note is necessarily making a comeback to the cubicle.

“There are a couple of simple mental models that can help you remember your passwords, like using the first characters of a memorable phrase,” Rolls explained in an email. “For example, ‘Mary had a little lamb its fleece was white as snow 987654’ becomes ‘MhalLifwwaS98754’. This creates what is called ‘password entropy’ – complexity that makes it hard for the bad guys to guess your password.”

He added, “Try putting sites into mental groups (by value or name or something else) to help remember them. You can easily add something about the individual site to your ‘high entropy password’ to create something unique.”
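An added example, not from the article, Amazon or SailPoint, that applies the advice above: it builds a password from the first characters of a memorable phrase (with a suffix for the digits or a per-site tag), estimates the resulting entropy with a naive pool-size model, and checks the result against the 12-character, mixed-case and special-character rules. The phrase, suffix and `CLASSES` pool sizes are constructed for illustration.

```python
import math
import string

# Character classes and their pool sizes, used only for the entropy estimate.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "special": string.punctuation,
}


def phrase_to_password(phrase: str, suffix: str = "") -> str:
    """Take the first character of each word of a memorable phrase (the
    mnemonic described above) and append a suffix such as trailing digits
    or a per-site tag. Capitalisation comes from the phrase as written."""
    initials = "".join(word[0] for word in phrase.split() if word)
    return initials + suffix


def entropy_bits(password: str) -> float:
    """Naive strength estimate: length * log2(pool), where the pool is the
    union of character classes actually present in the password."""
    pool = sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))
    return len(password) * math.log2(pool) if pool else 0.0


def check_policy(password: str, minimum_length: int = 12) -> list[str]:
    """Return the rules from the advice above that the password fails:
    at least 12 characters, mixed case, and at least one special character."""
    failures = []
    if len(password) < minimum_length:
        failures.append(f"shorter than {minimum_length} characters")
    has_lower = any(c in CLASSES["lower"] for c in password)
    has_upper = any(c in CLASSES["upper"] for c in password)
    if not (has_lower and has_upper):
        failures.append("not mixed case")
    if not any(c in CLASSES["special"] for c in password):
        failures.append("no special characters")
    return failures


if __name__ == "__main__":
    # Constructed sample: the phrase with two words capitalised by hand.
    pw = phrase_to_password("Mary had a little Lamb its fleece was white as Snow", "987654")
    print(pw, round(entropy_bits(pw), 1), check_policy(pw))
```

Note that the passphrase-initials password passes the length and mixed-case rules but still fails the special-character rule until one is added, which is exactly the gap Rolls' "wherever you can" points at.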

There are of course commercial tools and solutions that capture, store and replay complex passwords—and enabling two-factor verification (something Amazon also urged its customers to do) is always a good idea.
