At ProFundCom security is one of our prime concerns. We have been working with external agencies to enhance our security and are at the stage where we need to seek our users for assistance.
Every bank-level secure web site we log into with a super strong password is only as secure as the flimsiest fly-by-night.com where we signed up with the exact same password. When the weakest link gets hacked and fly-by-night.com data is breached, the whole chain falls apart. Anyone can pluck our email and passwords out of the rubble and waltz right through the front door of our other bank-level secure web sites. And who would bat an eye? They’ve got our email and our super strong password. Any motivated hacker can go grab a giant list of logins stolen in data breaches, scan down the list to look for your email address, maybe find some passwords you’ve used before, and go try to log in to other sites right away. If you reused the breached password on another site, they’re in as you.
As internet users, there’s much we can do to protect ourselves online. We can start using password managers (like 1Password) for every single site. Every single time. We can use a free password breach notification service like Have I Been Pwned for early warnings of data breaches that could reveal our personal data. And we can take care to enable two-factor authentication (2FA) everywhere it’s available to us, guaranteeing that a breached password won’t be enough to log in on its own.
At ProFundCom, there’s much we do, too. We require strong, hard-to-guess passwords. We can offer two-factor authentication. But it’s not enough to celebrate sophisticated best practices when our average, everyday passwords are still 100% at risk of data breaches.
We can prevent attacks, and as results we will be tracking the reuse breached passwords to log in to ProFundCom — by keeping breached passwords out of ProFundCom in the first place. We can’t get out ahead of every new data breach, but we sure can catch their scent, track them down, and remove them.