As an internet user, you have passwords for a ton of online accounts. All eCommerce stores require logins now, and then there are social media sites, the tools and programs you use, and many others. Many people either keep all of those passwords in their head or use some kind of password storage service.
But even with all of that, there are still people who choose to use the same password on multiple accounts. This is a terrible idea for anyone, under any circumstances. Here is why.
Why So Many Reused Passwords?
Before delving into some of the dangers of reused passwords, it helps to know why people do this, and the answer is simple. When you have so many accounts to manage, having a unique password for every single one of them is impossible.
You’re not going to remember each and every one of them.
So to make it easier, people gravitate towards easy-to-remember passwords. It’s why the most common passwords are things like:
- 123456789
- Qwerty
- Asdfghjkl
- 12345
- Password
And many others. But people will go one step further and use that password for multiple accounts. This is reinforced by the fact that our brains aren’t very good at retaining complex and abstract strings of information, which is essentially what a strong password is.
As a result, our idea of a complex password that we can remember is either one of those or a pattern that is meaningful to us, like your last name with the month and day of your birth, a family pet’s name, or the street you grew up on along with the house number.
So What Are The Risks?
So what are the risks of reusing weak passwords all across the internet? Well, a lot of things.
Credential Stuffing
The first is credential stuffing. This is an automated attack that takes compromised credentials from one leak or site and then tries those same credentials on other services and sites where the same username and password are in use.
These sorts of attacks can make hundreds of attempts on dozens of websites in a matter of minutes.
These passwords are usually obtained through data breaches or through phishing scams.
All in all, it creates a chain of events: if one password gets compromised, a hacker now has access to every website you have ever logged in to with the same username and password.
Worse, if the website that was initially breached reports that it has been hacked and that users’ data was compromised, most people will focus on that one site and not think about the many other sites where they used the same username and password.
Identity Theft And Fraud
Putting you at risk of those tactics is bad, but what hackers do with that information is worse. Oftentimes, these attacks are focused on letting hackers impersonate you and then perform all kinds of things. In most cases, it’s for financial benefit.
- People could open up a mortgage or a loan in your name.
- They can get you to make all kinds of weird or unusual purchases.
- They can open up credit cards in your name.
- And they can do this now for the rest of your life.
So what can be done about all this?
Use Stronger And Unique Passwords
Because credential stuffing attacks focus on the same username and password, some people might think it would be clever to just change that weak password to another weak password, and everything will be fine.
Wrong.
If you’re using weak passwords in any capacity, it’s not good for you. Even if you try making passwords that tie in to your identity or lifestyle, you’re still not in a good position. After all, hackers have access to dictionary attacks, which not only leverage lists of commonly used passwords but also cycle through them in an attempt to “guess” your password.
These attacks take other generation techniques into account as well, such as substituting letters with similar-looking numbers (like the number 1 standing in for a lowercase “i”).
All in all, passwords like those can be easy to crack if you’re the type who catalogues their life on social media in some fashion too.
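The screening below is an added example, not part of the original article: a defender-side check that flags a candidate password when it reduces to one of the common passwords listed earlier or contains a personal detail, even after look-alike substitutions and trailing digits are undone. The function names, the substitution table and the sample inputs are assumptions made for illustration.

```python
import re

# Constructed sample list: the common passwords named in this article, lowercased.
# A real screening list would be far larger.
COMMON = {"123456789", "qwerty", "asdfghjkl", "12345", "password"}

# Assumed look-alike mapping for illustration (the article mentions 1 for a letter).
LOOKALIKES = str.maketrans("013457@$!", "oieastasi")


def variants(text):
    """Return the lowercase forms of text that a guessing tool would treat as equal."""
    lowered = text.lower()
    # Drop trailing digits and symbols, e.g. "password2024!" -> "password".
    stripped = re.sub(r"[^a-z]+$", "", lowered)
    forms = {lowered, stripped,
             lowered.translate(LOOKALIKES), stripped.translate(LOOKALIKES)}
    forms.discard("")
    return forms


def screen_password(password, personal=()):
    """Return a list of reasons the password is guessable; empty means none found."""
    reasons = []
    forms = variants(password)
    common_forms = set().union(*(variants(c) for c in COMMON))
    if forms & common_forms:
        reasons.append("matches a commonly used password")
    for fact in personal:
        # Ignore very short details, which would match almost anything.
        fact_forms = {f for f in variants(fact) if len(f) >= 3}
        if any(f in form for f in fact_forms for form in forms):
            reasons.append(f"contains personal detail: {fact}")
    return reasons


if __name__ == "__main__":
    # Constructed candidates; "Smith" is a hypothetical last name.
    for candidate in ("P@ssw0rd1", "Sm1th0412", "vT9#qL2m!xR7wZ4k"):
        print(candidate, screen_password(candidate, personal=("Smith",)))
```

An empty result only means none of these specific patterns were found; it does not make a reused password safe.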
What’s smarter than all that is to avoid meaningful things and instead look to password generator tools.
There are several of these on the market, and many of them are free as well. These password generator tools not only generate strong passwords for you, but they can also store them in a secure vault that can only be opened with a master password.
What’s also nice about these password managers is that the passwords are usually encrypted. Furthermore, with your passwords locked behind a single master password, you can make that one password tough to crack while keeping it in your mind.
Even if it’s a complex password, having to remember only one really tough password is a lot easier than trying to remember dozens of other passwords.