Tuesday, June 7, 2016

Why you never use the same password on more than one web site

It is a fundamental tenet of user security in 2016 that you do not re-use the same password simultaneously across different web sites and software programs. All the hacker has to do is crack your *one* password to hack all of your accounts. Oh, and he (or she) will.

Here is the latest reported breach caused by password re-use, a mistake made by none other than Mark Zuckerberg, founder of Facebook: Zuckerberg hacking adds to cloud of internet insecurity. Please read it.

The Zuckerberg error is just one example of many prominent people getting hacked because they use a weak password—and, worse, use it across multiple accounts. Use a long, complex password (the longer the better), and guard it like you would all of your liquid assets.

Here is another tip: For accessing your most sensitive data (online banking, insurance, brokerage accounts, medical records, etc.) use a different user name as well. Don't use the same login name that you use for your Gmail, eBay, Blogger, Twitter, Intuit, Facebook and other accounts.

It is never a good idea to use your email name as your banking login name. For example, if your email name is JohnDoe@myemail.com, make your banking login name JohnDoughBoy (or something else easy to remember, hard for others to guess). For extra security, throw in a special character (if allowed).

Another solution is discussed here: First Click: An easy way to quit reusing passwords.

Even Krebs discusses this week how some online organizations are forcing password resets if they think you are re-using yours elsewhere: Password Re-user? Get Ready to Get Busy
