Wednesday, May 5, 2021

One Password, Slightly Used? - World Password Day

PASSWORD RE-USE:

Let’s say you have formulated the most perfect password that is possible to construct. It is easy to remember, a mile long, and has all the available character types. Now you’re set to use it for all of your accounts, right?

Not so fast. Even the most perfect password can be exposed by a sophisticated attack against the company that runs the servers your account lives on. In some recent high-profile cases, servers have been attacked and user account information siphoned out. So even doing all the right things doesn’t mean a determined hacker can’t figure out what the password is (through no fault of your own).

Yikes! Now what? If this happens to you it could have serious consequences that you could not have avoided. But what if that perfect password that just got hacked is used for everything in your life? All of a sudden, the attacker has access to EVERYTHING! Your social media accounts, your school accounts, even your bank account!

That is why we recommend you never “re-use” a password. If you have a separate password for each account, it won’t prevent a determined hacker from getting into one account, but it will prevent that same attacker from getting into everything.

But that’s a lot of passwords, right? “How am I going to remember all of those?!”

    1. As we covered in our last Daily Download, make your long passphrases something memorable. You can use that as a basis for a series of passphrases (a theme) and use significant variations on that theme. (Remember, if they are too similar then it won’t be any better than using the same one for everything.)

    2. Alternatively, you can use a password manager. These are applications that manage multiple account passwords for you. Then all you have to remember is the one password for that application, and it will do the rest. A Google search on “password manager” will give you a number of applications to choose from, each with its own strengths, weaknesses, and price (some are free). If you have questions, ask IT Security – we’ll be glad to help you decide on a suitable solution.

    3. Finally, avoid the temptation to allow your web browser to remember your passwords. Browser-saved passwords are less secure than a password manager. Hackers may be able to “harvest” those passwords if you ever get malware on your computer (which is a whole topic for another time). Besides being less secure, saved passwords only work when you are using that browser to access your accounts, and the browser may forget all your passwords in certain circumstances.