What’s your password, again?

Sorry about being gone so long, but I’d taken ill and was even in the hospital for a few days as a result.  Not fun.  I’d go into detail, but that’s not the purpose of this blog.  I’m still recovering, so I might not yet be ready for daily posting, but I’ll work on it.

I read a study about password reuse between sites.  This is where users will use the same credentials to log on to multiple sites.  I know that it’s relatively common among my clients and other people I know.  The fact is, it’s just plain easier to use the same user name and password for every site.  That way you don’t have to remember what you used for individual sites.

The danger is that one of these sites gets hacked and its user database is released into the wild.  In the study above, the researchers used the leaked databases from gawker.com and rootkit.com for their comparison.  Both databases had been hacked and published for anyone to download, and security researchers have taken the opportunity to study them for things like password reuse and easy-to-guess passwords.

Now, if security researchers can find out which passwords were used (and which ones were reused), bad people can determine the same information and try those credentials against other sites.  Imagine your e-mail account being used to send out an enormous quantity of spam.  Imagine your Amazon account being used to buy several items.  Imagine money being transferred out of your bank or brokerage account.  All this because you took the easy way out and used the same credentials to log in everywhere.
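As an added example (not from the original post or the study it mentions), here is the defender's side of that comparison: a site that stores salted PBKDF2 hashes can check whether any of its own users appear in a published breach dump with the same password, without ever storing plaintext itself. The user table and breach dump below are constructed sample data, and the `find_reused_credentials` function name is my own.

```python
import base64
import hashlib
import hmac
import os

ITERATIONS = 100_000  # PBKDF2 work factor; assumption for the example


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256, the kind of hash a site should store."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_user_table(plain_users):
    """Build a {email: (salt, hash)} table from (email, password) pairs.

    Only used here to construct the sample table; a real site never keeps
    the plaintext list that this function consumes.
    """
    table = {}
    for email, password in plain_users:
        salt = os.urandom(16)
        table[email.lower()] = (salt, hash_password(password, salt))
    return table


def find_reused_credentials(user_table, breach_dump):
    """Return the local accounts whose password matches a leaked one.

    For each (email, leaked_password) pair in the dump, look the email up
    locally and re-hash the leaked password with that user's salt. A match
    means the user reused the same password on the breached site.
    """
    reused = []
    for email, leaked_password in breach_dump:
        record = user_table.get(email.lower())
        if record is None:
            continue  # not one of our users
        salt, stored = record
        candidate = hash_password(leaked_password, salt)
        if hmac.compare_digest(candidate, stored):
            reused.append(email.lower())
    return sorted(reused)


# Constructed sample data (not real accounts or real breach contents).
LOCAL_USERS = [
    ("alice@example.com", "correct horse battery"),
    ("bob@example.com", "hunter2"),
    ("carol@example.com", "Tr0ub4dor&3"),
]
BREACH_DUMP = [
    ("alice@example.com", "correct horse battery"),  # reused
    ("Bob@Example.com", "hunter2"),                  # reused, case differs
    ("carol@example.com", "something else"),         # different password
    ("dave@example.com", "password"),                # not our user
]
USER_TABLE = make_user_table(LOCAL_USERS)


def reuse_report():
    """Summarise reuse the way the study did: who, and what fraction."""
    reused = find_reused_credentials(USER_TABLE, BREACH_DUMP)
    return {"reused": reused, "reuse_rate": len(reused) / len(USER_TABLE)}


if __name__ == "__main__":
    report = reuse_report()
    for email in report["reused"]:
        print(f"{email}: password also appears in the breach dump")
    print(f"reuse rate: {report['reuse_rate']:.0%}")
```

The accounts this flags are the ones to force a password reset on; the comparison is done hash-by-hash, so the leaked plaintexts never need to be written into the site's own database.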

At the very least, you should be using unique, complex passwords at financial institutions.  You should also use unique credentials at online merchants.  Forums and the like?  Probably less important, so long as you don’t use the same credentials there as at your bank or an online merchant.

As for making passwords unique yet still easy to manage, there are many software titles out there to help manage passwords.  You could use the old standby of writing things down (just be careful about who may have access to the list).  Another common tactic is to have a base password to which you add site-specific information for each site.  With this method, you only have to remember the one complex password and possibly the order in which you add the additional details.  You could even write the site-specific parts down without revealing your base password and not have to worry as much about someone getting hold of the list.
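The base-password tactic above becomes much safer if the site-specific part is combined with the base using a keyed hash rather than simply appended to it: the per-site password then reveals nothing about the base, so one breached site does not expose the others. The example below is an added illustration of that variant, not something from the original post; the function name `derive_site_password` and the choice of HMAC-SHA256 with a base64 alphabet are my own assumptions.

```python
import base64
import hashlib
import hmac


def derive_site_password(base_secret: str, site: str,
                         counter: int = 1, length: int = 16) -> str:
    """Derive a per-site password from one memorised base secret.

    The site label is normalised so "Amazon.com " and "amazon.com" give
    the same result, and a counter lets you rotate a single site's
    password after a breach without changing the base secret.
    """
    label = f"{site.strip().lower()}:{counter}".encode()
    digest = hmac.new(base_secret.encode(), label, hashlib.sha256).digest()
    # base64 yields letters, digits, '+' and '/'; trim to the wanted length
    return base64.b64encode(digest).decode()[:length]


def site_passwords(base_secret: str, sites):
    """Derive passwords for several sites; the output is what you could
    write down as a list of sites and counters, since the base stays secret."""
    return {site: derive_site_password(base_secret, site) for site in sites}


if __name__ == "__main__":
    # constructed sample input; not a real secret
    for site, pw in site_passwords("my one long base phrase",
                                   ["bank.example", "shop.example"]).items():
        print(f"{site}: {pw}")
```

Because HMAC is one-way in the key, a site that is hacked learns only its own derived password; recovering the base from it is not feasible, which is exactly the property the simple "base plus suffix" scheme lacks.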

I strongly urge you to consider what your passwords are and where they are used.  It’s always a horrific call when I have to help a client fix this after the fact.
