If your company uses Citrix’ GoToMyPC remote access software, listen up: The service has been targeted in what the company termed a “very sophisticated password attack.”
On Sunday, Citrix (CTXS) posted news of a hack attack to its status page and said it had proactively reset all customer passwords. Customers were instructed to go into the service and set up new passwords,
The company recommended the use of complex passwords—not words found in the dictionary—that include a mix of capital letters, punctuation, and/or symbols. And, as has become the recommended practice, it strongly urged them to adopt two-factor authentication. That process requires both the use of a password and a second step, which typically requires a randomly generated code sent to the user’s phone via text or generated by an app like Google (GOOG) Authenticator or RSA (EMC) SecureID.
Get Data Sheet, Fortune’s technology newsletter
GoToMyPC competes with remote access offerings like Bomgar and LogMeIn (LOGM) and VMware (VMW) Workstation that let corporate IT departments reach out to remote workers to provide computer support, upgrades, etc.
Attacks like this illustrate the issues of modern corporate computing where business customers use an array of on-demand services, each of which requires password access. Users typically pick passwords they can remember and, in another dangerous practice, often use the same easy password for multiple services. Those practices will have to change to bolster security of corporate information.