Are you using a Password Manager?

While FastBound has never had a security breach, you have undoubtedly heard of sites that have. As of July 2018, Troy Hunt’s Have I Been Pwned (HIBP) site has collected more than 11.7 billion compromised (aka pwned) accounts compiled from 588 website breaches and more than 114 thousand pastes, with the pastes alone accounting for more than 222 million accounts. Data breaches have taught us that 1) most people don’t use a password manager and 2) humans love to reuse their passwords. Reusing passwords is extremely risky. It is so prevalent because it is easy to do and people aren’t aware of the potential impact.

Credential Stuffing Attacks 

Attacks such as credential stuffing take advantage of reused credentials by automating login attempts against systems using known email and password combinations.

Consumers have no control over or insight into how companies store their passwords. When a company has a data breach, the exposed email addresses and passwords become available for attackers to try at other sites and apps.

Password Manager

Using a password manager like 1Password or Bitwarden to generate a long, strong, and unique password for each site where you have a login will significantly reduce your risk of falling victim to a credential stuffing attack.

Complexity adds unnecessary complexity

Current NIST password guidelines suggest that you focus primarily on password length rather than complexity when creating passwords. Ironically, using complex passwords (adding special characters, capitalization, and numbers) makes it easier to guess your password. Complex passwords are harder to remember, which means users may need to update their passwords more often and tend to make only minor changes when they do, leaving them easier prey for cyber attacks. NIST requires an 8-character minimum for passwords.

Don’t allow previously breached passwords

In August 2017, the National Institute of Standards and Technology (NIST) released guidance recommending that user-provided passwords be checked against existing data breaches. The rationale for this advice and suggestions for how applications may leverage this data are detailed in Troy Hunt’s Introducing 306 Million Freely Downloadable Pwned Passwords blog post.

Accordingly, when you set a password for the first time, change your password, or reset your password, we check to ensure that your password is not among the 11.7+ billion Pwned Passwords. If your password has been seen in a data breach, FastBound asks you to pick another one. FastBound also checks if your password has been breached when you log in to FastBound. If you log in with a breached password, we’ll let you know and guide you through changing it. If you use that same password on other websites, you should be changing it there, too. It would be best to use a random password generated by your password manager.

If you are curious about how we check your password against billions of breached passwords without exposing the password itself, which protects the privacy of searched passwords, check out Troy’s blog post about Cloudflare, Privacy, and k-Anonymity. It gets a little technical, but it’s worth the read.
