0

Reusing Passwords: Convenient but Risky

By Dr. Heather Mark

On March 19, 2019, well-known and respected security researcher and reporter Brian Krebs, posted an article with the headline, “FaceBook Stored Hundreds of Millions of User Passwords in Plain Text for Years.”  The article states, “According to Krebs, “The Facebook source said the investigation so far indicates between 200 million and 600 million Facebook users may have had their account passwords stored in plain text and searchable by more than 20,000 Facebook employees.” With that in mind, think about how many accounts you have linked to Facebook.

The news is a constant parade of security breaches in which user names and passwords are compromised.  It is easy for people to become numb to that, or to think that it’s “only” a username and password, not financial data. But how many of us use the same password, or a close variation, for several of our accounts, including our work passwords?  Take a look at this list of security breaches, and think about how many of those impact you, and how many times you recycled passwords for those accounts.

Though it can be convenient, reusing passwords does put you at risk for further compromise.  As criminals have become more sophisticated, they’ve taken to aggregating data collected from various breaches and extrapolating it to compromise accounts that you might not even know were in danger.  Do you use the same password for social media as you do for your bank account?  You might not be concerned if your social media password was compromised, but what if the hacker were able to discern your bank or financial institution?  Have you ever posted a complaint or comment about your bank? Do you check into your office on social media?

We’ve all read the stories about people using “password 123” or “changeme!” for their passwords.  Not only are those easy to crack, but they’re painfully ubiquitous.  Here are some quick, easy tips for creating a strong password:

  • Use phrases – think about a line from a favorite book, movie or song. Sometimes, that can actually be easier to remember and it’s inherently more complex.  Particularly if it uses punctuation.
  • Use “special” characters – When we think of “special” characters, we tend to default to the “!” or the “*”. They’re easy to remember.  But the poor semi-colon (“;”) is woefully underused.  As is ampersand (“&”) and the tilde (“~”).  Think creatively about which special characters you’re using in your password and how you’re using them.  For example, you can combine special characters to make emoticons.
  • Mix up numbers and letters – a creative mix of numbers and letters can make a password more difficult to guess. Try not to make obvious substitutions, such as using a ‘”3” instead of an “e”.
  • Use capital and lowercase letters – mix up your use of capital and lower case letters. You don’t have to follow grammatical conventions when creating strong passwords.  You don’t have to start a name with a capital letter.

Another important reminder is to change your password regularly.  It can be easy to forget that, particularly in the age of biometric authentication.  One trick that I use is to set a calendar reminder to change my passwords.  You can choose every 30, 60, or 90 days, but it’s best not to go past the 90 day mark.

It can be hassle to come up with and remember new passwords every 90 days, but using new, unique passwords is an important tool to protect yourself and your business. It pays to be smart!