Re-using passwords? It’s time to stop!
Do you use online services such as LinkedIn, Twitter, Myspace or Tumblr? Are you re-using passwords with more than one online account? If so, the time has come for a re-think. The password you’re re-using may be suitably complex (this is still important – a post for some other time). However, the fact that you’re using it more than once puts you at risk. Here’s why:
So why is re-using passwords a bad idea?
You have a password for each online account, whether that be Facebook, Amazon or LinkedIn, in the same way that you have a key to your home, the office and even your car. I’m sure you’d agree that it would be completely stupid to have a single key for all three (home, work and your car), so why is it OK to re-use the same password for your Facebook account, Amazon account and LinkedIn account?
Let’s say, for example, you go out for a meal in town and decide to drive there. You enjoy a lovely evening with your partner, but little did you know that when the waiter took your jacket he also took your key and got a copy cut. Now he has easy access to not just your car but also your home and even the office. Obviously in real life this is very unlikely, but imagine for a moment it could happen. A pretty frightening thought, right?
But my password hasn’t been stolen. Has it?
The answer is I don’t know for sure, but it’s certainly possible. Reports surfaced last month that the login names and passwords of more than 100 million LinkedIn users were being sold online. While the data being sold is thought to have originated from a breach occurring around 4 years prior, it’s probable that a large proportion of those users haven’t changed their password in this time. I personally use LinkedIn and did so back in 2012. Did you?
That’s not all though: only a week or so later, details began to emerge that a similar number of users’ credentials were also being sold online, this time in relation to separate breaches of both Myspace and Tumblr. It didn’t stop there, and in fact as I sat down Friday evening to begin writing this very article I got news that Twitter had also suffered at the hands of hackers. While we’re still waiting for further details to surface, it certainly illustrates just how much of an issue this really is right now.
Why is this happening?
It was never much of a surprise that as time went on we were going to see a steady increase in the number of internet-related data breaches. After all, the more we rely on computers and the internet, the more data there is online. The more data there is online, the more data there is to be stolen. The more data there is to be stolen, the more data will be stolen, and so on. What’s more, there is also significantly more of a financial motive for a hacker than there ever used to be, with data collected from such breaches being sold online for thousands of pounds.
Last year such breaches got a fair bit of media coverage (most notably in the case of TalkTalk back in October) and 2016 hasn’t shown any sign of this letting up. And if you take into consideration how little the authorities are doing or are able to do (lack of funding and expertise being arguable excuses), then it’s up to us to ensure we do all we can to keep our own information safe.
What can I do?
Well, it goes without saying that the really obvious solution is to simply stop re-using passwords for multiple accounts. I know, I know, but having so many passwords is difficult to manage. I completely understand this, and if we’re going to be realistic the chances are you have dozens of online accounts, and remembering a different password for each is no easy task for anyone. But wait, all is not lost and you do have some options here.
Have you ever heard of two-factor authentication? Two-factor authentication, put simply, is a two-step process requiring the user to provide something they know (e.g. a password) along with something they have (e.g. a unique code sent to their mobile phone) before they’re granted the access being requested. As a result, this method will almost certainly stop anyone attempting to log in to an account using stolen credentials, because they’ll only have one piece of what is now a two-part puzzle.
A large number of online services currently provide this facility, and do so free of charge. The list of those offering it includes, but is not limited to, Apple, Google, Dropbox, Twitter, Facebook and Tumblr, and with all of them providing instructions on how to get started there really isn’t any excuse not to enable this where possible.
Password Management Apps
When it comes to keeping ourselves safe online there is often a trade-off between security and convenience. But what if you could have the best of both worlds? Interested? If you want to go that one step further, then my advice would be to look into a password manager. While not affiliated with them in any way, I am personally currently using LastPass but have also used Keeper in the past. Both offer almost identical services, with the former providing a free option for individual use and both offering paid solutions for teams or entire companies.
Password managers are great in that they keep a record of all your passwords, ensuring each one is strong and never re-used. This means that generally speaking the only password you need to remember is the one to the password manager itself. What’s more they also support two-factor authentication so access to the manager platform is pretty damn secure.
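To see how far a single breach reaches when passwords are shared, here is an added example (not part of the original post, and not any password manager's own code) that audits an exported list of logins for re-use. The CSV column names and the sample entries are constructed assumptions, not a real export format.

```python
import csv
import hashlib
import hmac
import io
import secrets
from collections import defaultdict

# Constructed sample export; column names are assumed for illustration.
SAMPLE_EXPORT = """name,username,password
Facebook,alice@example.com,Sunshine!2012
Amazon,alice@example.com,Sunshine!2012
LinkedIn,alice@example.com,Sunshine!2012
Twitter,alice,kV9#tq2LmZ-x4Rw7
Tumblr,alice,p0Gf!uE3sNq8-bYc
"""

def find_reused(export_text, key=None):
    """Return sorted groups of account names that share one password.

    Passwords are grouped by a keyed digest (random key per run), so the
    plaintext never appears in the result or in anything printed.
    """
    key = key or secrets.token_bytes(32)
    groups = defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_text)):
        password = row.get("password") or ""
        if not password:
            continue  # entry with no stored password: nothing to compare
        tag = hmac.new(key, password.encode("utf-8"), hashlib.sha256).digest()
        groups[tag].append(row["name"])
    return sorted(sorted(names) for names in groups.values() if len(names) > 1)

def exposure(export_text, breached_site):
    """Other accounts that share the breached site's password."""
    for names in find_reused(export_text):
        if breached_site in names:
            return [n for n in names if n != breached_site]
    return []

if __name__ == "__main__":
    for names in find_reused(SAMPLE_EXPORT):
        print("same password used on:", ", ".join(names))
    print("a LinkedIn breach also exposes:", exposure(SAMPLE_EXPORT, "LinkedIn"))
```

An export like this holds every password in plain text, so run the audit locally and delete the file afterwards.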
At the end of the day I’m realistic enough to know that most users probably won’t heed such advice, and because of this I strongly expect and hope that the security guys behind such online services put in place systems to help protect users from themselves. That is all very well and good, but until this becomes general practice we need to do more to look after ourselves, because this problem isn’t going to go away any time soon. Cyber security is very much a moving target, and so the defenses that keep us safe today won’t necessarily be half as effective come tomorrow.