Stop Reusing Passwords Across Multiple Devices, Websites and Apps
tl;dr
- Use unique and complex passwords on every single account and profile you have
- Use a password manager to keep track of your passwords
- For more information about how to keep your information and accounts safe, contact us using the form below
If you take one thing away from this article, let it be this: use a unique and complex password on every account, device and profile you have. Password managers, like those built into most browsers (although we strongly recommend a standalone password manager application rather than the one in your browser), can help with this task, which may seem daunting. But it’s well worth your time to tackle it as soon as possible. Start with your higher value or higher risk profiles and work your way out, setting a unique, complex and randomly generated password for each profile or account. Do this for one set of profiles a day and log the new passwords in your password manager as you go along.
Profiles to consider adding to your task list:
- Banking
- Mobile App Store
- Mobile Payments
- Credit Cards
- Social Media
- Retail Websites
- Utilities Websites
- Online Buy/Sell Sites
- Fringe Social Media
- Streaming Services
Deactivate accounts you no longer use after resetting the password. Each time you encounter an account you may have missed during your first or second pass at resetting all of your passwords, take an extra few minutes to reset that account and add it to your password manager.
But, Why Though?
Oftentimes, when user databases are compromised, unencrypted information like usernames and passwords is dumped into online repositories. These repositories are searchable by anyone on the internet using something as innocuous as your email address. Alternatively, malicious actors may search these repositories for targets using broader searches, for example:
site:https://pastebin.com breach “@gmail.com”
This Google Dork returns any Pastebin pages that contain the word “breach” and Gmail email addresses. Results can be further limited within Google to only those from the past month, for example, by selecting ‘Tools’ and ‘Past Month’ or any custom date range. Breach data in these repositories may come from a multitude of sources. Below is an example from a recent LinkedIn database that was compromised and then uploaded to an online repository. Beneath the sample shown was a list of over 100 email addresses and their associated LinkedIn passwords in plain text.
Eg. [email protected]:JohnsPassword
What To Do If A Service You Use is Breached
Okay, so you may be saying: so what if my LinkedIn profile is compromised? All I have to do is reset my password and it’s safe again. Sure, you may be correct, but going back to the original topic of this article, most people tend to use the same passwords on multiple platforms, or variations of those passwords over time on various platforms.
Most people also use a single email address as their username on several platforms. Malicious actors now have your email address and a sample of the types of passwords you use. They can use this information to compromise other accounts you have that use the same email address and the same or a similar password.
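The advice above (a unique, randomly generated password per account, tracked in a password manager) and the risk just described (exact reuse and “variations” of one password across platforms) can be turned into a small audit. The following is an added example, not code from the original article or from any password manager product; the account inventory is constructed sample data, and the normalization rule for catching trivial variations is an assumption of this example.

```python
import re
import secrets
import string
from collections import defaultdict

# Constructed sample inventory, as a password manager audit would see it.
ACCOUNTS = {
    "bank.example": "Tr0ub4dor&3",
    "shop.example": "Tr0ub4dor&3",           # exact reuse of the bank password
    "social.example": "tr0ub4dor&32021",     # "changed" by appending a year
    "stream.example": "correct horse battery staple",
    "pins.example": "JanesPassword",
}

ALPHABET = string.ascii_letters + string.digits + string.punctuation


def normalize(pw: str) -> str:
    """Collapse the trivial variations people apply when 'changing' a password:
    letter case, and leading/trailing digits or punctuation ('Pass1!' -> 'pass').
    This is an assumed heuristic, not a standard; it errs toward flagging reuse."""
    core = re.sub(r"^[\d\W_]+|[\d\W_]+$", "", pw.lower())
    return core or pw.lower()


def find_reuse(accounts: dict) -> dict:
    """Group account names by normalized password; return only groups with >1 member."""
    groups = defaultdict(list)
    for site, pw in accounts.items():
        groups[normalize(pw)].append(site)
    return {core: sorted(sites) for core, sites in groups.items() if len(sites) > 1}


def generate_password(length: int = 20) -> str:
    """Random password from the OS CSPRNG, retried until every class is present."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)
                and any(c in string.punctuation for c in pw)):
            return pw


def rotate_reused(accounts: dict) -> dict:
    """Return a copy in which every account in a reuse group gets a fresh unique password."""
    fixed = dict(accounts)
    for sites in find_reuse(accounts).values():
        for site in sites:
            fixed[site] = generate_password()
    return fixed
```

Running `find_reuse(ACCOUNTS)` flags the bank, shop and social accounts as one group even though their passwords are not byte-identical, which is exactly the variation pattern the article warns about.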
Why is this so dangerous?
Let’s say your Pinterest profile from several years ago, that you forgot about, is compromised. They get your email address and password:
Eg. [email protected] and JanesPassword
Now they can target another account of yours and try to gain access to something more sensitive. This could be anything from an email account, which can be used to reset your passwords and lock you out of other accounts such as your Apple ID or banking website, to your Facebook profile, which you may have linked to other payment methods and services. Going a step beyond keeping different passwords for each account, you can limit the impact of a compromised or breached account by using different email addresses for different types of services. For instance, use an email address you do not share with anyone or any other service exclusively for your banking or more sensitive account profiles; use a second email for general accounts such as social media and streaming services; and use a third, publicly shared or highly visible email address for connecting with people and business opportunities.