Password Hygiene and Learning Points from the 2020 RedMart Data Breach
On 30 October 2020, CNA reported that online shopping platform RedMart, owned by the Lazada Group, suffered a data breach. I've published an article on my findings and their significance and implications for the general public, which you can find here: https://research.reignofcomputer.com/2021/01/29/of-passwords-and-personal-information-investigating-the-redmart-data-breach/
While the above article is meant for a more general tech audience, there is one segment I want to highlight: password hygiene. We hear a lot about not reusing passwords and adding complexity to them, but how much does that actually help?
Password Length vs Complexity
Complexity is not the best strategy for building a strong password. Length matters far more: every extra character multiplies the number of guesses an attacker has to make, so a long password made of plain words is usually stronger than a short one padded with symbols and letter substitutions, and it is easier to remember. The one caveat is that the words must be chosen at random; a famous quotation or song lyric sits in every cracking wordlist no matter how long it is. This is best illustrated by xkcd's Password Strength strip (xkcd 936), which estimates "Tr0ub4dor&3" at about 28 bits of entropy and "correct horse battery staple" at about 44 bits.
Since we usually do not know how a service stores passwords (plaintext, an unsalted fast hash such as MD5 or SHA-1, or a slow salted hash such as bcrypt), it is best to choose passwords strong enough to survive the database itself being leaked. For example, if my password in the RedMart breach had been long and not built from common phrases, an attacker holding the dump would have had a much harder time recovering the plaintext from its hash, and it is the plaintext they need in order to try it against other sites where I might have reused it.
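To make the two points above concrete, here is a Python example added for this post (it is not code from the original article, from RedMart or from Lazada). It first computes the entropy of a few password-generation schemes and the expected time to crack them, then simulates an offline attack on a constructed, "leaked" credential table, once stored as unsalted SHA-1 and once as salted PBKDF2. The user names, passwords, wordlist, mangling rules, iteration count and guess rate are all constructed assumptions for the demo.

```python
import hashlib
import hmac
import itertools
import math
import os


def entropy_bits(choices, picks):
    """Strength comes from the generation process: `picks` independent, uniform
    draws from `choices` options, regardless of what the result looks like."""
    return picks * math.log2(choices)


def expected_crack_seconds(bits, guesses_per_second):
    """An attacker who knows the scheme searches half the space on average."""
    return 2 ** (bits - 1) / guesses_per_second


# Constructed "leaked" credential table for the demo (not RedMart's data).
USERS = {
    "alice": "password1",                     # dictionary word plus a digit
    "bob": "Tr0ub4dor&3",                     # the "complex" example from xkcd 936
    "carol": "correct horse battery staple",  # the passphrase from xkcd 936
}

# Tiny constructed wordlist standing in for a real cracking dictionary.
WORDLIST = ["password", "letmein", "troubador", "redmart", "qwerty"]
SUBS = {"a": "4", "e": "3", "o": "0", "i": "1", "s": "5"}
# Constructed subset of the kind of append rules found in hashcat/John rule files.
SUFFIXES = [str(d) for d in range(10)] + ["!", "123", "&3"]


def leet_variants(word):
    """Every combination of substitutions, so 'Tr0ub4dor' (second 'o' untouched) is covered."""
    options = [(c, SUBS[c]) if c in SUBS else (c,) for c in word]
    return ["".join(p) for p in itertools.product(*options)]


def candidates(wordlist):
    """Expand each word with case, leetspeak and suffix rules; order is deterministic."""
    out = []
    for word in wordlist:
        for base in (word, word.capitalize()):
            for variant in leet_variants(base):
                out.append(variant)
                out.extend(variant + s for s in SUFFIXES)
    return list(dict.fromkeys(out))


def sha1_dump(users):
    """A breached table of unsalted, fast hashes."""
    return {u: hashlib.sha1(p.encode()).hexdigest() for u, p in users.items()}


def crack_unsalted(dump, wordlist):
    """No salt: each candidate is hashed once and checked against every user at the same time."""
    by_hash = {h: u for u, h in dump.items()}
    found, hashes = {}, 0
    for cand in candidates(wordlist):
        hashes += 1
        user = by_hash.get(hashlib.sha1(cand.encode()).hexdigest())
        if user:
            found[user] = cand
    return found, hashes


def pbkdf2_dump(users, iterations):
    """Per-user random salt plus a deliberately slow KDF (production needs far more iterations)."""
    out = {}
    for u, p in users.items():
        salt = os.urandom(16)
        out[u] = (salt, iterations, hashlib.pbkdf2_hmac("sha256", p.encode(), salt, iterations))
    return out


def crack_salted(dump, wordlist):
    """With salts, every candidate must be re-hashed for every user, and each hash is slow."""
    cands = candidates(wordlist)
    found, hashes = {}, 0
    for u, (salt, iterations, digest) in dump.items():
        for cand in cands:
            hashes += 1
            guess = hashlib.pbkdf2_hmac("sha256", cand.encode(), salt, iterations)
            if hmac.compare_digest(guess, digest):
                found[u] = cand
                break
    return found, hashes


if __name__ == "__main__":
    RATE = 1e10  # assumed: roughly 10 billion SHA-1 guesses/s for one GPU against unsalted hashes
    for label, bits in [("8 random printable characters", entropy_bits(95, 8)),
                        ("4 words from a 2048-word list (xkcd 936)", entropy_bits(2048, 4)),
                        ("4 words from a 7776-word Diceware list", entropy_bits(7776, 4)),
                        ("16 random lowercase letters", entropy_bits(26, 16))]:
        days = expected_crack_seconds(bits, RATE) / 86400
        print(f"{label}: {bits:.1f} bits, about {days:,.2f} days at {RATE:.0e} guesses/s")
    print("unsalted SHA-1:", crack_unsalted(sha1_dump(USERS), WORDLIST))
    print("salted PBKDF2 :", crack_salted(pbkdf2_dump(USERS, 10_000), WORDLIST))
```

Running it shows three things. Against the unsalted SHA-1 table, both "password1" and "Tr0ub4dor&3" fall to a five-word dictionary with ordinary mangling rules, while the four-word passphrase is never produced because its words are not in the list; the salted PBKDF2 run recovers the same two, but needs roughly twice as many hashes (every candidate per user) and each hash is thousands of times slower. The entropy table is the caveat to xkcd 936: its "550 years" figure assumes 1000 guesses per second, i.e. an online attack against a rate-limited login, whereas against leaked fast hashes a GPU tries billions per second and 44 bits is a matter of minutes. Length is what keeps a password out of reach offline, and the service's choice of hash decides how much time that length buys.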
For myself, I use the password manager LastPass to help me manage my passwords. It can generate passwords on my behalf with all the bells and whistles (e.g. 64 characters long with symbols), and I don't have to remember them. LastPass also has a mobile application so your passwords can follow you on the go.
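As an added example of what a password manager's generator does under the hood (my own illustration, not LastPass's code), here is a Python generator for random passwords and Diceware-style passphrases. It draws from the `secrets` module rather than `random`, which is not a cryptographic generator. The 16-word list is a constructed stand-in for a real 7776-word Diceware list.

```python
import secrets
import string

# Character classes a generated password must draw from.
CLASSES = [string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation]
ALPHABET = "".join(CLASSES)

# Constructed 16-word list for the demo; a real Diceware list has 7776 words.
DEMO_WORDS = ["correct", "horse", "battery", "staple", "durian", "kopi", "lorry", "merlion",
              "otter", "paper", "quartz", "rojak", "sampan", "tiger", "umbrella", "velvet"]


def has_all_classes(pw):
    """True if the password contains at least one character from every class."""
    return all(any(c in cls for c in pw) for cls in CLASSES)


def generate_password(length=64):
    """Uniform random password over the full alphabet, using the CSPRNG in `secrets`.

    Rejection sampling (draw, then retry if a class is missing) keeps every accepted
    password equally likely. The common alternative, "pick one of each class and
    shuffle it in", makes some strings more likely than others."""
    if length < len(CLASSES):
        raise ValueError("length too short to contain every character class")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if has_all_classes(pw):
            return pw


def generate_passphrase(words=4, wordlist=DEMO_WORDS, sep=" "):
    """Diceware-style passphrase: independent uniform draws (with replacement) from the list.
    With the real 7776-word list, 4 words give 4*log2(7776), about 51.7 bits."""
    return sep.join(secrets.choice(wordlist) for _ in range(words))


if __name__ == "__main__":
    print(generate_password(64))
    print(generate_passphrase(5))
```

A passphrase drawn from the 16-word demo list only carries 4 bits per word, so swap in a full Diceware list before using `generate_passphrase` for anything real; the 64-character output of `generate_password` is the kind of credential that is only practical when a manager remembers it for you.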
More than Passwords
As society goes digital, cybersecurity becomes essential to the safety of the general public. Other companies should treat the attack on RedMart as a warning of more attacks to come from a range of threat actors, and channel more resources into strengthening their security.
Consumers should practise good password hygiene and take care not to leave personal data lying around the Internet. While Singapore's Personal Data Protection Act (PDPA) in its amended form brings more protections, many services worldwide do not fall under its purview. The Cambridge Analytica scandal showed that even major corporations like Facebook are not infallible.
Windows Developer | @ReignOfComputer