OL August 31, 2009 at 9:57 am

Using the same password for every website can spell trouble


Do you have an Internet passport, meaning you use the same password at every website? That may be convenient, but it’s also dangerous. Here’s a cautionary tale showing why it’s a bad idea to use the same password on every website.



Recent photos posted to several blogs have resurrected a viral story that first spread earlier this year. A dating website discovered that hackers stole data containing several users’ e-mail addresses and passwords. It is believed that hackers used this information to gain access to the Facebook profiles of people who used the same password on both sites. The hackers then impersonated Facebook users and posted graphic photos, suicidal messages, and stories about fake sexual encounters. Several shocked Facebook members learned the hard way that they shouldn’t use the same password for every website they frequent.

The victims of these pranks were lucky to suffer only embarrassment that can be proven false to friends and family. But what if someone decided to investigate those users further and locate their business e-mail address or online bank accounts? They could have faced even more serious consequences professionally and financially.

That is why it’s crucial that Internet users stop using the same password for every website. You can never be fully immune from online attacks, but creating an additional level of protection can help. It’s important to maintain a different password for these five types of websites.

Email
Email accounts are the gateway to a person’s online identity. Whenever someone registers for a website, they typically receive a confirmation or activation message from that website, leaving a trace that others can exploit. An email account password must be strong, secure, and NOT used on any other account under any circumstance. This is the most important password to keep, so make sure your password:

  • Is at least 8 characters long (numbers and letters included)
  • Includes at least two numbers or symbols when allowed
  • Is not easily relatable to details of your life (don’t use birth dates or the name of your parents/children/spouse because people can guess those)

Banking
Everyone wants to protect their money, so keep a second secure password for all financial websites. If you access multiple accounts from multiple banks, it may be a good idea to keep separate passwords as an added precaution. The standard password rules apply: strong, include numbers, and not easily guessed by others.

Shopping [Amazon, Wishabi, eBay, etc.]
Shopping websites are a great way to find a deal, but some keep your credit card information on file. It’s important to keep other people out of these accounts so they cannot make unauthorized purchases. It’s okay to keep similar passwords for this class of websites, but do something to slightly differentiate each. For instance, if the base word in the password is yuzabee, the password for Amazon can be yuzabee7n1, eBay can be yuza5beep0, Wishabi 9yuzabee3, and so on.

Social Networks [Facebook, Twitter, MySpace, Identi.ca, etc.]
As you saw in this case, maintaining the same password for one social network can cause big problems on another. Similar to shopping websites, it’s okay to maintain similar passwords based on the same base word. You can even maintain a different root word for personal networks like Facebook or eHarmony and then have a different root word for business sites like LinkedIn.

Disposable accounts
The final and least important class is a “disposable” account. These are the memberships that you use but wouldn’t much mind losing and having to register again. Non-paying news websites that require registration are a prime example of such accounts.
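
The rules above can be checked against a list of your own accounts. The following is an added example, not part of the original post: a small audit that applies the three email-password rules to every non-disposable account and flags any password used on more than one site. The site names, passwords and personal details are constructed, and counting any non-letter as a "number or symbol" is an assumption.

```python
import re

# Constructed inventory: (site, class from the article, password). Not real credentials.
ACCOUNTS = [
    ("mail.example", "email", "yuzabee7n1"),
    ("bank.example", "banking", "T4ble!Lamp9"),
    ("amazon", "shopping", "yuzabee7n1"),
    ("ebay", "shopping", "yuza5beep0"),
    ("news.example", "disposable", "news"),
]
PERSONAL = ["1975", "maria"]  # constructed personal details (birth year, family name)

def rule_findings(password, personal=PERSONAL):
    """Apply the three rules the article lists for a strong password."""
    findings = []
    if len(password) < 8:
        findings.append("shorter than 8 characters")
    # Assumption: every non-letter character counts as a number or symbol.
    if len(re.findall(r"[^A-Za-z]", password)) < 2:
        findings.append("fewer than two numbers or symbols")
    if any(p.lower() in password.lower() for p in personal):
        findings.append("contains a personal detail")
    return findings

def audit(accounts, personal=PERSONAL):
    """Return {site: [findings]} covering rule violations and exact reuse."""
    sites_by_password = {}
    for site, _, pw in accounts:
        sites_by_password.setdefault(pw, []).append(site)
    report = {}
    for site, category, pw in accounts:
        # Disposable accounts are the least important class; only reuse is checked.
        findings = [] if category == "disposable" else rule_findings(pw, personal)
        others = [s for s in sites_by_password[pw] if s != site]
        if others:
            label = "email password reused" if category == "email" else "password reused"
            findings.append(f"{label} on {', '.join(others)}")
        if findings:
            report[site] = findings
    return report

if __name__ == "__main__":
    # Only site names and findings are printed, never the passwords themselves.
    for site, findings in audit(ACCOUNTS).items():
        print(f"{site}: {'; '.join(findings)}")
```
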

Remember that nothing you do will ever make you 100% safe on the web, but it’s important to put up as many roadblocks as is reasonable to protect yourself.






Comments (5)

  • Lisa B says:

    Using a secure password manager, such as Mitto (http://mitto.com), can allow you to effectively create and manage strong, unique passwords for each of your sites. They even have additional security required to log in from new computers (it sends unique one-time codes via text message, just like my bank). Oh, and it’s free!

    • ptcruiser says:

      Is it really safer to use a service that would ultimately have ALL of your passwords??? I mean no disrespect, I’m just not very computer savvy.

      • Lisa B says:

        In my experience, people end up using the same password for everything because it’s too inconvenient/difficult otherwise. Even with a “system” of passwords (different ones for different account types), it’s difficult because sites have different requirements (some only let you have a password that is 4 digits long). Using a password manager brings the usability/convenience dimension into the conversation.

        Now, I was cautious when I first encountered the concept of storing all of your passwords in one place. I’m not sure how other services work, but there are a couple of things that helped me to make my decision:

        1. You always need more than one piece of information to access your passwords. They have it set up just like the banks do. If you sign in from an unrecognized computer, you will be sent a one-time text message to your phone. So if someone does get your password, they would need to have your cell phone as well to be able to log in. The chances of them having both things are much lower. If you want to change your password, you need to have answers to at least 2 security questions. These multiple levels of security make a breach less likely.
        2. They are certified by McAfee and TRUSTe
        3. I am able to log into sites that I would not normally log into very often because it’s so easy (just click and log in). This is important because if there is any suspicious activity on any of these accounts, I can identify it early and address it. The top defense against fraud and identity theft is early detection.

        Ultimately, if you don’t feel comfortable storing passwords to important sites online, you shouldn’t. However, I don’t know about you, but I have logins to all sorts of unimportant sites (so many sites require a login these days!). Using a service like Mitto could allow you to handle these passwords.

        • ptcruiser says:

          LisaB
          Thanks for the further info. I’m leaning towards mitto~~the price is sure right!!
          I have had a “brush” with identity theft quite some time ago. The only advice the police could give me was to have an unlisted telephone number and buy a good confetti shredder. I do those things still today. The person got my name and address straight out of the phone book and her first and last name was the same as mine, including the spelling.
          For those reasons, I try to be as cautious as I possibly can without progressing to paranoid!!!
          I really do enjoy the practical info I get here.
          Thanks again, Lisa

  • [...] PayPal, or banking may be a little tougher. And because we’ve already covered why having one password for every account is a bad idea, many people turn to services like LastPass that can act as the only password you’ll ever [...]
