I remember hearing that I am supposed to use a different password for all — a different one on every internet website where I have an account. What a nuisance! I cannot recall all of those passwords. Yeah, I understand. You want me to utilize a password manager thing, but that sounds like putting a bunch of really important things into a single basket. Imagine if this basket is hacked? I use a strong password. Why isn’t that sufficient?
The hacks of several online services have brought this problem to light once more.
I’m sorry, but a single strong password simply is not enough anymore. You must use a different strong password on every site where you have an account.
And yes, you must devise a means to manage all of them.
Let me walk through an example scenario that explains this emphasis on distinct passwords.
Along with the risks of exposing your password on your own machine, using the same password everywhere places you at the mercy of the service with the worst security. Hackers take passwords, email addresses, and user names they find and try to log in with them at other online services, and that works amazingly often. Using different passwords for everything prevents it.
The situation I’m going to explain is quite common. While the specifics won’t apply to you exactly, it illustrates what could occur.
Let’s say you’ve got an account at some online service, Service A. Additionally, you have a Yahoo! account since you used it years back; a Google account, since you now use Gmail and quite a few additional Google services; a Microsoft account, because you have Windows 10; and we’ll throw in a Dropbox account, as you’ve been listening to me recommend it. You probably have other accounts I haven’t listed here, but you get the idea. You have lots of accounts at a number of internet services.
You have a wonderfully strong password which you have memorized: 16 completely random characters.
And you use the same wonderfully strong password for all of those accounts.
Anatomy of a hack on
Service A has the very best of intentions, but frankly, they don’t “get” security. Of all of the services you use, they have the weakest security.
Perhaps they store passwords within their database in plain text, allowing anyone with access to view them. They do that because it is easy and fast, and it solves their problem quickly. They make the assumption that the database containing your password will be impenetrable.
Hackers adore it when website designers make that assumption, as, naturally, the assumption is incorrect.
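The difference between the plain-text storage described above and a salted, slow hash, as an added example that is not code from this article or from any real service. The account, the password, and the function names are constructed for illustration; PBKDF2-HMAC-SHA256 is one reasonable choice of hash, picked here because it ships in Python's standard library.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: one account and a made-up 16-character password.
EMAIL = "user@example.com"
PASSWORD = "q7#Lm2!xVz9@Rt4&"
ITERATIONS = 600_000  # work factor for PBKDF2-HMAC-SHA256


def plaintext_store(email, password):
    """What the passage describes: the password is saved exactly as typed."""
    return {email: password}


def _derive(password, salt):
    # Slow, salted one-way function; the password cannot be read back out.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def hashed_store(email, password):
    """Save a random per-user salt and the derived digest, never the password."""
    salt = secrets.token_bytes(16)
    return {email: (salt, _derive(password, salt))}


def verify(store, email, candidate):
    """Check a login attempt against the hashed store in constant time."""
    if email not in store:
        return False
    salt, digest = store[email]
    return hmac.compare_digest(_derive(candidate, salt), digest)


def readable_passwords(stolen_copy):
    """Passwords that anyone holding a copy of the database can read directly."""
    return [value for value in stolen_copy.values() if isinstance(value, str)]


if __name__ == "__main__":
    print("plain-text copy exposes:", readable_passwords(plaintext_store(EMAIL, PASSWORD)))
    print("hashed copy exposes:", readable_passwords(hashed_store(EMAIL, PASSWORD)))
```

Hashing protects the stored copy at Service A; it does nothing for a password that leaks some other way, which is why the per-site password advice still applies.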
One afternoon, a hacker breaches Service A’s security and steals a copy of the user database.
They can now log into your account on Service A. This may or may not be a big deal, depending on what Service A is and how you use it.
It does not need to be a hack
It is important to understand that while this case centres around what we hear about in the news most often — the hack of an online service and theft of its user database — it is certainly not limited to that.
Basically, anything that could compromise your password brings you to this point. That includes:
And so forth.
Anything placing your single password in the hands of a malicious individual puts you at greater risk than you might assume.
Password skeet shooting
They have your email address and a password you utilize, stolen from Service A. Now the hackers go hunting.
Because most people have accounts on one or more of the major services I mentioned, the hackers begin trying the information from Service A as though it were the correct information for Gmail, Microsoft, Yahoo, Facebook, Twitter, Dropbox, and many more.
Frequently, it works. The hackers gain access to some other account of yours that was totally unrelated to the first security breach.
Unrelated, of course, except that you used exactly the same password on both.
If you use the same password everywhere, a single leak of that password anywhere puts all your accounts at risk. Hackers are going to be able to log into your other online accounts as well.
OK, perhaps not all; maybe only a couple. But some is all it takes.
The weakest link
Note that this has absolutely nothing to do with the security expertise of the sites where your account is finally compromised. Gmail, Outlook.com, Yahoo, and many others have excellent security, but that fact doesn’t factor into this situation in any way.
Service A was the weak link. Their security wasn’t up to the job. Their database was breached. Their information was leaked. Your account info and password — the password that you use everywhere — have been exposed.
Service A was at fault. You’re at the mercy of the service that had the poorest security.
Nevertheless, the actual problem is your use of a single password everywhere.
It should not be this way
I will happily admit things like this should not occur.
However, they do.
And many services are better at security than our fictional Service A.
But it’s also not a black-or-white equation. Even large businesses that don’t know any better, or that simply make a mistake, can place your information in danger. I hate to say that you can’t trust anybody, but ultimately, you shouldn’t trust anyone not to accidentally expose your password.
And, as I mentioned previously, it does not have to be a significant service breach for there to be a problem.
Utilizing a different password on every website limits your exposure if any website is compromised.
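To make "limits your exposure" concrete, the following added example (not from the original article) audits a list of saved logins for shared passwords and reports which other accounts fall if one site is breached. The vault entries, site names, and function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

# Constructed sample vault export: (site, login, password). Not real credentials.
VAULT = [
    ("service-a.example", "me@example.com", "q7#Lm2!xVz9@Rt4&"),
    ("mail.example", "me@example.com", "q7#Lm2!xVz9@Rt4&"),
    ("files.example", "me@example.com", "q7#Lm2!xVz9@Rt4&"),
    ("bank.example", "me@example.com", "Yk3$wPz8!nQe5^Bd"),
]


def _fingerprint(key, password):
    # Keyed digest: equal passwords can be grouped without keeping them around.
    return hmac.new(key, password.encode(), hashlib.sha256).digest()


def reuse_groups(entries):
    """Return sorted lists of sites that share one password (two or more sites)."""
    key = secrets.token_bytes(32)  # throwaway key, used only for this run
    groups = defaultdict(list)
    for site, _login, password in entries:
        groups[_fingerprint(key, password)].append(site)
    return sorted(sorted(sites) for sites in groups.values() if len(sites) > 1)


def exposure_if_breached(entries, breached_site):
    """Other sites that use the same password as the breached one."""
    for group in reuse_groups(entries):
        if breached_site in group:
            return [site for site in group if site != breached_site]
    return []


def with_unique_passwords(entries):
    """Give every entry its own random 16-character password."""
    return [(site, login, secrets.token_urlsafe(12)) for site, login, _old in entries]


if __name__ == "__main__":
    print("shared passwords:", reuse_groups(VAULT))
    print("lost with Service A:", exposure_if_breached(VAULT, "service-a.example"))
    fixed = with_unique_passwords(VAULT)
    print("after the fix:", exposure_if_breached(fixed, "service-a.example"))
```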
Managing a lot of passwords
So it comes down to how to manage a lot of different, long, and complex passwords.
Doesn’t that put all my eggs in one basket?
Yes, it does, but it’s an excellent basket. And I have taken additional actions to ensure that it stays that way.
Ultimately, it’s your decision. There are lots of password managers on the market.