PASSWORD RE-USE:
Let’s say you have formulated the most perfect password that is possible to construct. It is easy to remember, a mile long, and has all the available character types. Now you’re set to use it for all of your accounts, right?
Not so fast. Even the most perfect password can be vulnerable to sophisticated attacks against the company that runs the servers that your account uses. In some recent high-profile cases, servers have been attacked and user account information siphoned out. So even doing all the right things doesn’t mean a determined hacker can’t figure out what the password is (through no fault of your own).
Yikes! Now what? If this happens to you, it could have serious consequences that you could not have avoided. But what if that perfect password that just got hacked is used for everything in your life? All of a sudden, the attacker has access to EVERYTHING! Your social media accounts, your school accounts, even your bank account!
That is why we recommend you never “re-use” a password. If you have a separate password for each account, it won’t prevent a determined hacker from getting into one account, but it will prevent that same attacker from getting into everything.
But that’s a lot of passwords, right? “How am I going to remember all of those?!”
1. As we covered in our last Daily Download, make your long passphrases something memorable. You can use that as a basis for a series of passphrases (a theme) and use significant variations on that theme. (Remember, if they are too similar, then it won’t be any better than using the same one for everything.)
2. Alternately, you can use a password manager. These are applications that can manage multiple account passwords for you. Then all you have to remember is the one password for that application, and it will do the rest. A Google search on “password manager” will give you a number of applications to choose from, each with its own strengths, weaknesses, and prices (some are free). If you have questions, ask IT Security – we’ll be glad to help you decide on a suitable solution.
3. Finally, avoid the temptation to allow your web browser to remember your passwords. Passwords saved in the browser are less secure than those in a password manager. Hackers may be able to “harvest” those passwords if you ever get malware on your computer (which is a whole topic for another time). Besides being less secure, they only work when you are using that browser to access your accounts, and the browser may forget all your passwords in certain circumstances.