Why Password Re-use is a Bad Idea and How to Avoid it?

by Tomas Statkus

Cybercrime is becoming increasingly alarming, with hackers breaching protocols to gain access to large amounts of data that is not theirs. A study has shown that many of these data breaches could be averted, because they are caused by one innocent habit of internet users: the reuse of passwords on several websites, computers, or mobile devices. Because we are all human, we have one thing in common: the tendency to forget multiple passwords, especially across different websites. Data analysis recorded the use of 90 million passwords each day on email addresses, bank accounts, bank apps, social media sites, app stores, and dating services (90 million is only a rough estimate).

Because so many sites and platforms require passwords, and we cannot remember one for each, human instinct offers a solution: why not use one password on every site and platform we access? Tada! The problem of having to remember passwords is solved, except of course when hackers somehow gain access to your login details on just one site or platform; then you are back to square one. Half a million computer users were monitored for three months in 2006. The study found that each user has an average of 25 accounts but only 6.5 passwords. This means each user uses an average of one password on four sites. Also, most of these reused passwords are weak passwords.

The weaker a password is, the more likely it is to be used on multiple sites; stronger passwords are reused on fewer websites. If a hacker gets access to the username/password combination used on one website, the likelihood that the same password will gain them access to other websites on their hit list is high.

While we cannot write off the use of keyloggers and malware to gain access to users' private accounts, it still stands to reason that the simplest way to do so is by obtaining a password combination that is used on multiple sites.

This article will dive into why password reuse is a terrible idea, the consequences of doing so, and how you can get out of the habit or stay out of it. It also shares tips on apps and services that can help you create, remember, and manage your passwords.

Why Password reuse is a Bad Idea?

A vast majority of internet users may know that password reuse is a bad thing, yet continue to do it. The password management app developer LastPass conducted a survey of 2,000 internet users from the US, Germany, France, Australia, New Zealand, and the U.K. The survey indicated that 91% of surveyed persons know that password reuse is a bad thing, yet 61% of them do it anyway. Their main reason is that human weakness, forgetfulness. However, only 29% of respondents change their passwords not because they've forgotten them, but for security reasons.

The study by LastPass also indicated that 110 million Americans over the age of 18 had their personal information exposed to hackers in 2014. Also, every minute, an average of 19 people become victims of identity theft. People tend to prioritize their financial accounts (69%) over retail (43%), social (31%), and entertainment (20%) accounts.

These data should make you think twice before using the same password on multiple websites. Confronted with an overwhelming number of websites, devices, apps, and networks that require login credentials, it is human nature to give in to 'security fatigue' or what we call the 'I don't give a damn' attitude to reusing passwords. Also, personality can be blamed for such acts as indicated by the LastPass study reports. Of the 110 million users, each indicates a different behavioural pattern when it comes to password reuse.

Below is the categorization of people with 'password reuse syndrome' done by the password management app LastPass.

Some people trust their proactive skills and organization so much that they believe they will not be at risk even though they reuse their passwords. Other folks believe their account is of little value to hackers and therefore maintain a casual attitude towards password reuse. Ask yourself this question: 'Where do I fit in?'

Suppose you were to find a way to check whether or not your email account has been compromised in any of the several data breaches reported. You'd find that the surprise is an email address proven NOT to have been affected by a breach, rather than one that has been. A hacker group, the Turkish Crime Family, claimed to have access to 250 million iCloud accounts in March of 2017. The case shows how easily the hack of one website leads to another being hacked, and so on.

Some people dismissed the group's claim, but the group provided 64 iCloud credentials to ZDNet. After contact with the 54 users in question, the credentials were confirmed. The group demanded a hefty ransom payable in bitcoin (so it cannot be traced), threatening to reset millions of iCloud accounts and also wipe the accounts' associated iOS devices if the ransom wasn't paid by a prescribed date.

Of course, Apple Inc. should answer for this serious breach of data, but in response, Apple claimed that if the group's claim was valid, then the login information was not hacked from the iCloud servers. In a statement released to CNET, Apple was quoted as follows: “the alleged email and passwords appear to have been from previously compromised third-party services.”

When confronted, most of the iCloud users confirmed using their iCloud credentials elsewhere. It confirmed Apple's claim, even though 3 of the users in question denied ever using their iCloud login credentials elsewhere.

On April 10, 2017, the group claimed victory by saying Apple had given in and paid the ransom. They posted a wallet showing payment of 401.731 bitcoin ($508,459). Whether or not Apple made the payment, there has not been any report of iCloud accounts being wiped.

It is hard to prove, but it appears password reuse had a hand in the hacking of those iCloud accounts. Two-factor authentication will enable iCloud users to reset their passwords easily. Hackers wouldn't be able to access their accounts. Two-factor authentication will be thoroughly discussed in this article later.

While password reuse on multiple websites, apps, and devices may solve the problem of forgetting passwords, it may also give birth to other issues that could significantly affect your life. Password reuse on multiple websites makes it much easier for bad guys to access your data, bank accounts, and other important information.

Many websites nowadays require users to use their email addresses before they gain access to the services on their websites. So the bad guys will hack the website's database for the login credentials, plus the email address of their victim who uses it regularly.

Tips to keep your passwords secure in your day-to-day online activities

I can almost hear you saying to yourself 'what I'm reading makes sense, but I log into a lot of websites and apps, there is no way I can remember all my passwords if I don't use the same words or phrases.' If so, then you are in the bottomless dark pit, and it will not be easy to climb out. But all hope has not been lost, so don't lose yours. There are many ways to track all of your passwords without straining your memory. Here is how.

Password Management App

A password management app is an excellent way of keeping track of passwords, so you don't have to strain your brain. They are easy to download and set up. They notice when you enter new login credentials for a website and automatically store the information. They can also create and save strong passwords for login to keep away from that bottomless dark pit of password reuse.

Change the passwords for all your websites logins, apps, and online services

Admittedly, this process will be a bit tedious and a pain in the butt. But since you want to avoid a more significant problem in the butt, chill out, and change the passwords one by one.

Store each new password on your new Password Management App

Another tedious task. But many password managers are equipped with a browser plugin that allows the app to recognize new logins and save the information. It may even remember the website you are on, so it will provide the login details for you the next time you visit the site.

Be sure not to duplicate any password

After changing all passwords and login credentials, check to make sure you haven't duplicated any password.

Create unique and strong passwords for each new login

It doesn't require long essays. For every site where you create a login, be sure the new password is unique and robust.
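The duplicate check and the unique-password step above can be scripted against a password manager's CSV export. This is an added example, not part of the original article; the column names `site`, `username` and `password`, the function names and the sample rows are constructed assumptions, so adjust them to your manager's export format.

```python
import csv
import hashlib
import hmac
import io
import secrets
import string
from collections import defaultdict

# Constructed sample of a password-manager CSV export (not real credentials).
SAMPLE_EXPORT = """site,username,password
mail.example,alice,Summer2017!
shop.example,alice,Summer2017!
bank.example,alice,x9#Lq2vT!mRz8pWd
forum.example,alice,Summer2017!
video.example,alice,hunter2
music.example,alice,hunter2
"""
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@_"


def find_reused(export_text):
    """Return lists of sites that share one password, largest group first."""
    key = secrets.token_bytes(32)  # per-run key: digests are useless afterwards
    groups = defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_text)):
        if not row["password"]:
            continue  # entries without a stored password cannot be compared
        # Group on a keyed digest so plaintext passwords are never dict keys
        digest = hmac.new(key, row["password"].encode(), hashlib.sha256).digest()
        groups[digest].append(row["site"])
    reused = [sorted(sites) for sites in groups.values() if len(sites) > 1]
    return sorted(reused, key=lambda g: (-len(g), g))


def new_password(length=20):
    """Random password drawn from the OS CSPRNG via the secrets module."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def rotation_plan(export_text):
    """Give every site found in a reuse group its own fresh password."""
    return {site: new_password()
            for group in find_reused(export_text) for site in group}


if __name__ == "__main__":
    for group in find_reused(SAMPLE_EXPORT):
        print("same password on:", ", ".join(group))
```

Delete the plaintext export file once the audit is done, since it holds every credential unencrypted.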

Other ways of making your passwords more secure

I believe by now you are already convinced that using a single password for multiple websites is detrimental. But what if you need to create a new password and your password management app isn't at hand?

  • Make sure no one is watching you when typing your password
  • Before leaving your device unattended, always log off.
  • Scan your computer regularly for Keyloggers and malware using security software.
  • Don't log in to personal accounts on public or shared computers, and if you do so, always remember to log out.
  • Don't enter passwords on an unsecured network
  • Where using a password on an unsecured network is necessary, always use a VPN to secure your connection. A VPN keeps the information you send or receive from prying eyes.
  • Change your passwords regularly
  • If it becomes necessary to create a password for a new account manually, create a strong one. You can try #3efvgy7& which is a 'V' shape on a QWERTY keyboard. 
  • Be sure to update all changes to your password manager as soon as it becomes handy.

Every day we are introduced to new online services, so the number of online accounts we possess keeps growing. The techniques above make it easy for us to avoid reusing passwords. We'll be 99% more secure than without these methods. In addition, when there is an online security breach, people will be rushing to change their passwords on multiple accounts. But you can relax knowing you only need to change the password that pertains to the breached service.

What is a Password Manager?

A password manager is an app that securely stores and retrieves the login and password information used on websites, networks, apps, and other online services. It encrypts the stored data, which can only be accessed using one master password. Password managers can be installed on a user's computer and mobile device or accessed from a web browser. They make life easier for users, who need to remember just one password to access several passwords and login credentials.

Most password managers sync all information between the app's website and the user's computer or mobile device by making use of cloud storage.

Recommended Password management companies

  • LastPass

LastPass app is available on Android, iOS, and macOS. It also offers a browser extension for Firefox, Chrome, Safari, Internet Explorer, and Opera on Mac OS, Windows, and Linux. It keeps all login and password information behind a single password. Mobile users can use either password, pin, or fingerprint (on compatible devices).

  • 1Password

Also available on Android, iOS and Mac OS devices. Information stored in the 1Password app is encrypted with the strongest encryption, which is AES-256. The app not only stores and recalls login credentials and passwords, but can also store notes, debit and credit card numbers, receipts, bank account numbers, and more, all encrypted and password protected. You can access all information saved in the app on any computer or device as long as the app is installed. This comes in handy for someone who uses multiple devices to recall login information or passwords.

Conclusion

Password managers solve the problem of having to remember a hundred unique passwords. They store all login credentials and passwords behind one master password in an encrypted vault. The password manager companies above are not the only ones available. But now that you know the danger behind reusing passwords on multiple websites, an essential step to securing your digital life is finding help to secure your workplace against digital threats. Enlist the help of professionals like us to keep your systems safe.

About the author
Tomas Statkus
Tomas Statkus - Team leader

Tomas Statkus is an IT specialist, the team leader, and the founder of Reviewedbypro.com. He has worked in the IT area for over 10 years.
