Coming up with and remembering endless passwords is the bane of my existence, and the fact you’re reading this on the internet mens you probably don’t like it either.
Which is why so many of us fall into the trap of using the same password on multiple sites, but this is quite possibly the most dangerous thing you can do when it comes to online security.
Password reuse is the shortcut hackers love
If only you know your password, what does it matter if you use the same one on multiple services? In a perfect world, you may be right, but hackers have different ways they can extract your password from the websites they hack.
Credit: Minerva Studio / Shutterstock.com
A common method is to “brute force” encrypted password “hashes” until they find a password that fits it and will unlock your account. However, if they have your email address and the password for one service, it’s easy to simply try that same combination on other popular services.
Since so many people reuse passwords, it saves the hacker plenty of hassle!
Even “low-risk” accounts can be the weak link
You may not care that some of your accounts get hacked. Maybe it’s an old forum that’s gone dead, or a service you never actually used and simply created an account for.
Credit: Valery Brozhinsky/Shutterstock
However, these accounts from small players may in fact be the most dangerous place possible to reuse passwords. These sites may not have good security, which makes them much easier to breach. Getting your password from a low-security site might give a hacker access to your bank account or other crucial services where they otherwise may have had no chance of cracking the security.
Your email account is the master key to everything else
Credit: Sydney Louw Butler / How-To Geek / GPT-4o
The most important account to give a strong, completely unique password is your primary email address. That’s the address you use to sign up for other services. If someone gets access to this account, it would allow them to reset passwords across the board and, of course, lock you out of everything.
In addition to a unique password for your primary email, you should enable two-factor authentication, and you should set up a backup recovery method, such as the email address of a trusted friend or family member, or a backup code. Depending on what your service offers.
Of all your online services, you should defend your primary email account like your life depends on it, because it pretty much does these days. The only copy of my main email password is printed on a slip of paper which is hidden somewhere inside one of my safes. But I’m perhaps more paranoid than most.
7/10
Supported Desktop Browsers
Chrome, Firefox, Safari, Edge, Opera, Brave
Price
Starting at $3.33/month for the Personal plan
Keeper Security is a reliable password manager that offers a monthly subscription (as opposed to an annual one, like Bitwarden), along with a completely free basic account that forgoes premium features.
Password reuse makes every breach personal
Credit: Rawpixel.com/Shutterstock.com
Big hacks target entire companies or large organizations, but if you reuse your passwords, you connect that data breach to every other online resource you’ve touched. This is why it’s crucial to isolate your different accounts. Yes, it truly is a pain to come up with passwords, remember them, and retrieve them, but at the very least, your bank, primary mail, and other key accounts that you cannot afford to lose access to must be completely unique.
It’s also important to know that we’re only aware of data breaches that have been detected or disclosed. It’s entirely possible that your credentials have already been exposed in a data breach from years ago that no one knows about. This is one of the reasons that many modern online services give your passwords an expiration date and force you to change them.
Then, of course, we have the tendency to just mix up our existing password or change some small part of it because we can’t be bothered to think up something unique when blindsided with an expired password. Which, again, is why some services will tell you your new password is too similar to the old one.
You see, even if you remix your password or change parts of it, hackers who know one of your old passwords can use it as part of a “dictionary attack”, where the assumption is that the target password is similar to a known password, and so a password cracker can go through all the permutations in seconds, because there are only so many combinations.
The easy fix: Let a password manager do the work
The simple solution here is to simply use a specialized password manager. We maintain a list of the best password managers and there are even good free password managers if you don’t want to spend money right away.
A password manager will securely store your passwords, generate new ones when needed, and automate updating and recording all of your passwords so that you don’t have to remember any of them.
8/10
Supported Desktop Browsers
Chrome, Edge, Safari, Firefox, Opera, DuckDuckGo, Vivaldi, Brave, Tor
Price
Starting at $10/year
Free trial
Free account available
