If your life is anything like mine, chances are you use a large number of online services which each need a password for security. You may have dozens and dozens of passwords, and it's pretty much impossible to remember more than a few different ones for your most frequently used services, let alone the ones you log in to only a few times a month or year.

Password Reuse.

A common strategy for dealing with password overload is to use the same (or very similar) username and password combinations for every service. That way, there's not so much to remember.

I know that it's tempting, but this is probably the worst thing you can do. I've even spoken to people on the phone who have given me a password that they want to use for their website or email and had them admit that it's the same password they use for their internet banking. Now I would never use this information to steal money or identity from any of my clients. But is everyone you speak to so trustworthy? What if a service you sign up for is hacked and people get a hold of the passwords? Once somebody has one of your passwords they may now have access to everything.

Simple Passwords.

Another strategy is to use very simple or insecure passwords which are closely related to the service you're signing up for.

This is another very dangerous idea: remember that it's not curious people, or even disgruntled employees or customers, that you need to concern yourself with most. "Bots" (automated computer programs) will often plug common username and password combinations into any form they can find.

What to avoid:

  • Commonly used passwords such as "password", "opensesame" or "letmein".
  • Any part of your name, company name, trading name, tagline, address, or any other information that appears in your email signature, on your website, etc.

What to do:

It's all very well for me to tell you what not to do, but having a large number of passwords is a very real problem.

If someone gets into your Twitter or Facebook and starts posting as you, your reputation may take some damage.

If someone gains access to your email address they may also get the ability to retrieve or reset passwords to multiple other services.

If someone gains access to your internet banking, you may be in big financial trouble.

Make sure that you create very secure passwords for the services which you really need to keep safe. Change them regularly and don't reuse them. If you can't remember these passwords it's fine to write them down and lock them in a desk drawer or safe!

For some services it may not be such a big deal if the account were compromised. For less vital services (as long as gaining access to those services doesn't let an attacker reset or gain access to more important information) you're probably fine to re-use passwords across those less vital services.
