The Dangers of Reusing Passwords

October 04, 2012
Jason Hong

Passwords were a good idea in the early days of computing, when we only had to remember a few passwords. However, passwords don't work as well in the Internet era, when we have several devices and dozens of online services that we use every day (each of which might also have different password policies).

People cope with the sheer number of passwords they have in several ways. Unfortunately, the most common approach is to reuse passwords, which is risky because the loss of one password for one account--perhaps through malware, a phishing attack, or a break-in on a site--might cascade into the loss of multiple accounts.

Here's an example. Let's say you use the same password for your LinkedIn account and for your email. Let's also say that hackers break into the LinkedIn site and steal all of the passwords stored there. Using specialized cracking tools, these hackers can try enormous numbers of guesses against the stolen data and eventually recover the actual passwords. And once they do, they will be able to log in to your email account and then start doing password resets on your various other accounts.

So what are simple things you can do to protect yourself?

The first thing you can do is to use unique and strong passwords for important sites. It's ok to reuse passwords for unimportant sites, such as for news sites or message boards you don't often go to. However, you should have different passwords for each important site. An important site is one that:

  1. Has anything to do with money (such as your bank web site or an e-commerce site)
  2. Has sensitive personal information (such as your site for filing federal taxes or highly personal photos)
  3. Can be used for important communications (such as your personal email, work email, or social networking)

The rule of thumb here is to ask: if an attacker stole your password for a site, how much damage could they do? If they could do a lot of damage, in terms of identity theft, stealing money, or stealing sensitive info from your workplace, then you need a unique password for that account.

The second thing you can do is to write down important passwords and keep them safe. This might mean keeping a written list in a safe place in your house, or using a password manager on your smartphone (and make sure your smartphone has a PIN on it too).
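To make the two pieces of advice above concrete, here is an added example (not code from the original post or from Wombat) that applies the "important site" rule of thumb to a small account inventory: it flags any password shared by two or more accounts when at least one of them is an important site, leaves reuse among low-value sites alone, and then gives each affected important account its own fresh random password the way a password manager would. The site names, categories and passwords are constructed for illustration; the three category labels are an assumption that maps onto the post's money / sensitive information / communications list.

```python
import secrets
import string
from collections import defaultdict

# The three kinds of "important" sites named in the post: anything to do with money,
# sensitive personal information, and important communications.
IMPORTANT_CATEGORIES = {"money", "sensitive-info", "communications"}

# Constructed sample inventory; the site names, categories and passwords are all made up.
SAMPLE_ACCOUNTS = [
    {"site": "bank.example",   "category": "money",          "password": "Tr0ub4dor&3"},
    {"site": "mail.example",   "category": "communications", "password": "Tr0ub4dor&3"},
    {"site": "taxes.example",  "category": "sensitive-info", "password": "correct horse battery staple"},
    {"site": "news.example",   "category": "low",            "password": "sunshine1"},
    {"site": "forum.example",  "category": "low",            "password": "sunshine1"},
    {"site": "social.example", "category": "communications", "password": "sunshine1"},
]


def is_important(account):
    """An account is important if it falls in one of the post's three categories."""
    return account["category"] in IMPORTANT_CATEGORIES


def find_reuse(accounts):
    """Report every password shared by two or more accounts where at least one of the
    sharing accounts is important. Reuse purely among low-value sites is not reported,
    matching the post's advice that such reuse is acceptable."""
    by_password = defaultdict(list)
    for acct in accounts:
        by_password[acct["password"]].append(acct)

    findings = []
    for shared in by_password.values():
        if len(shared) < 2:
            continue
        important = sorted(a["site"] for a in shared if is_important(a))
        if not important:
            continue
        findings.append({
            "sites": sorted(a["site"] for a in shared),
            "important_sites": important,
        })
    # Deterministic order so reports (and tests) are stable.
    findings.sort(key=lambda f: f["sites"])
    return findings


def generate_password(length=20):
    """Generate a random password the way a password manager would: drawn from the OS
    CSPRNG via `secrets`, and re-drawn until it contains every character class."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if (any(c.islower() for c in candidate)
                and any(c.isupper() for c in candidate)
                and any(c.isdigit() for c in candidate)
                and any(c in string.punctuation for c in candidate)):
            return candidate


def remediate(accounts):
    """Give every important account involved in a reuse finding its own fresh password.
    Returns (new_accounts, rotated_sites); the input list is not modified."""
    to_rotate = {site for f in find_reuse(accounts) for site in f["important_sites"]}
    in_use = {a["password"] for a in accounts}
    new_accounts = []
    for acct in accounts:
        acct = dict(acct)
        if acct["site"] in to_rotate:
            new_pw = generate_password()
            while new_pw in in_use:  # collision is astronomically unlikely, but cheap to check
                new_pw = generate_password()
            in_use.add(new_pw)
            acct["password"] = new_pw
        new_accounts.append(acct)
    return new_accounts, sorted(to_rotate)


if __name__ == "__main__":
    for f in find_reuse(SAMPLE_ACCOUNTS):
        print("password shared by", ", ".join(f["sites"]),
              "-> important:", ", ".join(f["important_sites"]))
    fixed, rotated = remediate(SAMPLE_ACCOUNTS)
    print("rotated:", ", ".join(rotated))
    print("remaining risky reuse:", find_reuse(fixed))
```

Run as a script, it reports two findings on the sample data (the bank/email pair, and the news/forum/social trio where only the social account is important), rotates the three important accounts, and shows that no risky reuse remains; the two low-value sites are allowed to keep sharing their password, exactly as the post permits.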

Watch the video of Wombat’s Password Security training module.