One password does not fit all
Imagine you had the same lock on your front and back doors, your car, your safe, and your workplace. It would make life incredibly easy until somebody stole the key, at which point things could get very bad very quickly. Reusing a password on multiple sites is a similar situation, which is why you should use a password manager.
Look for tips on password security, and you’ll read about how it’s important to have longer passwords, avoid common words, use numbers, and use unusual characters. That’s all true, but the moment you reuse a password, you undermine all this work. Once an attacker discovers your password on one site, its strength and complexity become utterly irrelevant anywhere else you’ve used it.
When cybercriminals get their hands on an unencrypted username and password, either by decrypting stolen data or by getting it from a leak of an unsecured database, one of the first things they’ll do is try them on other websites.
That creates a simple but scary situation across all the sites where you use the same password. Your most sensitive information is only as safe as the least-secured site allows. It’s a numbers game that you could easily lose. The people who used to compile the top 5 or top 10 security breaches of the year now have enough material to list the top 52 breaches of the year.
Why Reusing Passwords Risks Everything
2020 brought the ultimate example of how many cybercriminals find it more profitable to try out known passwords rather than concentrate on directly attacking sites. One set up an “all you can scam” subscription service, giving hackers unlimited access to 23,000 leaked and stolen databases. (Perhaps predictably, the service was itself breached, with all 23,000 databases published online.)
So with those risks in place, why do people continue reusing the same password on multiple sites? It’s a simple enough answer: nobody can remember a different password for every online login they need. Over the years, different surveys have found different figures for how many logins the average person needs – 27, 90, 100 – but the one consistent pattern is that the reported numbers keep rising. And the chances are the reported figures are significantly underestimated.
That leaves many people trying to find a tolerable compromise between memory and security. The most basic of these is to use a unique password for the most sensitive websites and then a generic one to cover every other login. One problem here is that it’s surprising how many accounts would risk serious problems if breached. At the absolute least, you need to completely protect social media, e-mail, and financial accounts or be wide open to identity theft. You’re also gambling that every other site with a shared password could be breached without causing you significant problems.
Another compromise some people use is to have a generic phrase as the basis of their passwords, with the name of the site added to make each one “unique”: rosebudnetflix, rosebudnytimes, rosebudmgm and so on. This might just do the trick for slowing down hackers who are automating the process and trying to find the most vulnerable among millions of potential victims. Unfortunately, if somebody is targeting you specifically, this tactic is not that useful.
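Both compromises described above, one shared password or a base phrase plus the site name, can be spotted in your own list of logins. The following is an added example, not part of the original article: it audits a constructed set of entries, and the sample data and function names are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample vault export (site, password); not real credentials.
VAULT = [
    ("netflix.com", "rosebudnetflix"),
    ("nytimes.com", "rosebudnytimes"),
    ("mgm.com", "rosebudmgm"),
    ("forum.example", "Tr0ub4dor&3"),
    ("shop.example", "Tr0ub4dor&3"),
    ("bank.example", "q7#Vz!mW2p$Lx9Kd"),
]

def site_label(site):
    """Name part of a host: 'www.netflix.com' -> 'netflix'.
    Simplification: takes the label before the last dot, so it
    does not understand suffixes such as 'co.uk'."""
    parts = site.lower().split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def strip_site(site, password):
    """Password with the site name cut out, or None if it is not present."""
    label = site_label(site)
    low = password.lower()
    idx = low.find(label)
    if len(label) < 3 or idx == -1:
        return None
    return low[:idx] + low[idx + len(label):]

def audit(vault):
    """Return (reused, derived).
    reused:  groups of sites that share one identical password.
    derived: base phrase -> sites whose password is base + site name."""
    by_password, by_base = defaultdict(list), defaultdict(list)
    for site, pw in vault:
        by_password[pw].append(site)
        base = strip_site(site, pw)
        if base:  # what is left over is the shared base phrase
            by_base[base].append(site)
    reused = sorted(s for s in by_password.values() if len(s) > 1)
    derived = {b: s for b, s in by_base.items() if len(s) > 1}
    return reused, derived

if __name__ == "__main__":
    reused, derived = audit(VAULT)
    for sites in reused:
        print("same password on:", ", ".join(sites))
    for base, sites in derived.items():
        print(f"base phrase '{base}' + site name on:", ", ".join(sites))
```

Every site the audit lists is exposed by a breach at any other site in the same group, so each one needs its own randomly generated password.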
Why a password manager?
The only real answer is to stop making compromises and use a password manager. That gives you the best of both worlds: you can create a unique password for every website you need to access, but you only need to remember one password. If your login details for a particular website are ever compromised, neither the original hackers nor anyone who gets the information will be able to violate your security on any other website.
This approach doesn’t just improve your overall security, but it can improve your specific protection on each website. Because you are no longer restricted by the need to remember multiple passwords, there are no limits on how complicated they can be. Not only can your password manager create longer and more secure passwords, but they can be genuinely random with no guessable patterns.
This won’t help in cases where the site stores data in unencrypted form (though having a unique password will limit the collateral damage). But if your password is in an encrypted database that is accessed by attackers, having a password created by a password manager will mean yours is at the bottom of the target list when the attackers start trying to decrypt the data.
Not all password managers are created equal, however. You need to take into account ease of use, availability on different platforms, where your password data is stored, and add-on features such as a security audit for your existing passwords.
TeamPassword has many features, such as:
- Multi-factor authentication adds a layer of security on top of passwords.
- Notifications that tell administrators when someone logs in or tries to change a password.
- A strong password generator that creates passwords that are much harder for criminals to decipher.
Sign up for our 14-day free trial and see what TeamPassword can do for you.