To follow with the latest security requirements recommended by Cyber Security Firms requires superhuman abilities: a password should be at least 12 characters long and use a combination of letters, numbers, special characters… you know the drill. But more important is the fact that you shouldn't re-use your passwords with another account. In other words, it’s necessary to come up with something unique that doesn't make any sense, and remember it for each and every online account you have.
So ask yourself: How many online accounts do I have and can I remember all of them? You know the answer...
That's why many people simply drop key elements of a secure password – its uniqueness or length – and start creating passwords that include personal details, which is a huge no-no! Remember this makes passwords more easily guessable by hackers or anyone with ill intent. Don't believe us? Use a data mining website like peoplesearch.com or truepeoplesearch.com. Thinking about using family information? Check out any ancestry website like ancestry.com or familysearch.org. You'll be shocked how much information can be easily obtained for free or for a few bucks per month.
Worse than using key elements of your personal life is following the same process that a majority of people do when creating a new password. Examples include only capitalizing the first letter in their passwords, using a string of keys on the keyboard such as "123456" or "qwerty" or adding the number "1" or an "!" to the end of a password. Worse yet, is using a password from the list of the top 10 or top 20 passwords from the previous year.
This shouldn't be such a major problem itself if the password is used on platforms that have low potential for an attack. Studies show, however, that on average users in the U.S. have about 130 online accounts connected to a single email address. The problem begins when such accounts include services such as PayPal, Wal-Mart, Amazon, eBay, and the like. Websites such as these often keep your payment methods saved for easy check out. What about banking and credit websites like Bank of America, Wells Fargo, Citigroup, PNC, Truist, Capital One, American Express or Vista? Gaining access to someone's personal email often grants access to other websites when an online account password reset request is submitted.
How Dangerous is using the same Password for Multiple Online Accounts?
When customers use the same password on online banking services, ecommerce sites and other internet-based services requiring sensitive data they are unwittingly contributing to rising fraud of accounts.
Hackers use a combination of sophisticated techniques such as phishing attacks and advanced password cracking methods to gain access to people's data. The number of fraudulent transactions continues to rise each year,
There were 1,686,121 reports of identity theft in the United States of America in 2021 alone.
Government documents or benefits fraud was the most common type of identity theft in 2021.
Those aged 30 to 39 reported the most cases of identity theft.
Rhode Island, Kansas, and Illinois were the top three states for identity theft per capita.
Credit card fraud declined by 1% from 2020 levels, with 389,845 reports.
There were 1,862 data breaches in 2021, a 68% increase from 2020 and an all-time high.
The number of people affected by data breaches decreased from 2020, with 293,927,708 people impacted in 2021.
There’s a reason why the numbers of Identify Theft continue to climb year after year...
By using the same password across all online accounts simply makes a hackers job easier to access someone's whole digital life. It's like leaving the keys under the doormat while on vacation after posting on Facebook that you'll be on a cruise for two weeks. If a hacker gains access to one user account, he or she can easily take over all online accounts and impersonate them.
If the hacker has the password for one service, it's a no-brainer for them to check whether that password has been reused on other sites. They'll check popular shopping sites, social media accounts, email accounts, online forums and more. Using the same password may get a user locked out of their digital life in mere minutes. Below are just a couple real world examples:
In November of 2019, Ars Technica reported that a number of user credentials from VPN provider, NordVPN, had leaked online. Shortly after, the breach notification service “Have I Been Pwned” reported upwards of 10 lists of compromised NordVPN user credentials. All of the compromised passwords were very weak. And they were all obtained through credential stuffing. Hackers never had to break into NordVPN’s systems to steal passwords, they just had to guess using login credentials from previous leaks.
Again, in November 2019, just a few days after the launch of Disney’s new streaming service, Disney+, evidence started appearing that it fell victim to a credential stuffing attack. Hundreds of subscribers took to Twitter detailing how they were being logged out of their accounts and having their username and password changed. Just four days after the launch of the service, thousands of Disney+ accounts had already been compromised, according to zdnet.com.
In April of 2020, as reported by Forbes, Zoom was hit with a credential stuffing attack that compromised 500,000 user accounts. In this instance, security researchers from intsights.com found that the attackers used old databases of compromised passwords sold on online hacker forums and dark web markets. Some of the databases dated back to 2013.
Can You Reuse the Same or Variations of the Password?
If you ask a security expert, the answer is a resounding no. They will recommend not using any kind of variations of the same password for a simple reason: humans are the weakest link in IT Security. If you ask any large company who has experienced a data breach the reason why, they'll usually report back that it was some kind of human error. Even still, when we create strong passwords, software can still crack them by sheer brute force. So next time you get hung up on a website with a CAPTCHA (Prove you're not a robot) request remember this site is protecting against repetitive brute force login attempts. Just remember using a weak password – or variations of the same password – is akin to handing over the keys to your digital life, because password cracking software will guess it in minutes.
What Do Security Experts Recommend?
The thing that all security experts will agree on is that you should use a unique and strong password for every account you have. There’s a strong argument backing this good piece of advice: if a hacker gets access to one of your accounts, he or she will need to work harder to break into all the accounts that you have. Hopefully giving you more time to react and prevent further damage.
Luckily, there are some simple tricks to help you remember those strong passwords, but security experts also recommend using a password manager to keep track of all them. By using a password manager you only need to remember a single strong, unique password – the master password – and can then give up on remembering the rest. Better still, the in-built password generator will easily generate cryptographically secure passwords and insert them in the required field exactly where and when you need them.
Some common Password Managers include:
Most modern Internet Browsers including Google Chrome, Apple Keychain and Microsoft Edge include a built in Password Manager. That being said these passwords, just like with the previously mentioned Password Managers are only protected if the account itself is secured. Utilizing Two Factor Authentication by SMS or Phone Call or an Authenticator App