It’s one of the most important things you need to do.
Using different passwords is much safer than using one password everywhere. In fact, it’s critical.
Because hackers know that most people have more than one account and that most people don’t take the trouble to set different passwords.
Become a Patron of Ask Leo! and go ad-free!
Admit it, you’re lazy
I’ll admit it: I’m lazy. When it comes to managing passwords, I’ll bet money that most people are.
One password everywhere is so much easier. It’s easier than even the easiest password management system.
It simplifies our lives not to have to remember passwords or use any special tools to remember for us.
The problem is, it makes hackers’ lives easier, too.
Hackers know we’re lazy
Hackers know that people find it easier to have one password everywhere.
Hackers know that people generally have more than one account.
Hacking a single account acts as a foot in the door to the others and leads to all sorts of mayhem.
One account leads to more
It’s easy to guess that if a person logs in with username X and password Y on a system like Yahoo! mail, it’s likely they’ll replicate both username X and password Y on other services.
Once they’ve breached one account, hackers get clues that let them access other accounts.
Account confirmations and notifications are frequently sent via email. What that means is that your hacked email account contains many clues as to what other accounts you have.
If you use the same password everywhere, it’s easy sailing for the hacker to quickly try those out and log in as you at multiple services.
For example, your Facebook login is your email address and a password. Well, if they’ve hacked your email account and you use the same password everywhere, they now know how to log in as you on Facebook.
The hack might not be your fault
Hacks happen through no fault of your own. You could be maintaining perfect security and still end up compromised.
Consider all the places you have online accounts. Let’s assume that the one with the poorest security gets hacked, and the contents of their entire username/password database is stolen.
You just got hacked, and it wasn’t your fault.
However: if you’re using one password everywhere, the hackers now know it.
There can’t be only one
The bottom line is that using one password everywhere is a risk you shouldn’t take.
At a minimum, use unique passwords for your important accounts, like banking and other financially-related activities and email.
All of your email accounts are important, particularly if they can be used for password recovery on other accounts. All a hacker needs to do is hack your email account and then run over to some other account and request a password reset to be emailed to the email account they now control.
Managing lots of passwords
Whenever I talk about giving each login a different, strong password, people strongly object. “No way am I going to remember all those passwords, especially if you’re going to insist that they’re complex on top of everything else.”
You don’t have to.
For example, I don’t know my online banking password. Who’s going to remember something like yFK86jk8q45B? (And no, that’s not it. I said something like that.)
Yet I use my account frequently.
Let your computer do the remembering for you.
I’m a big fan of password management programs, in particular 1Password.
It creates a secure database of your login IDs and passwords and stores them so that only you can get at them with your single, master password. (And yes, that password needs to be strong and memorable.)
Password vaults ease the entire process of logging in by filling in the user ID and password for you; you don’t even need to know what they are.
They use strong encryption to keep your password database secure on your machine(s) and support synchronizing or accessing that database across multiple machines and mobile devices.
And they enable you to use different and strong passwords on every single site.
Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
I'll see you there!