I come across this problem daily: clients, friends and family using weak passwords for logins to various user accounts on and off the web. Not only this, I see them using the same one for multiple different services… I cannot stress enough how dangerous this combination is. I tell you now, and you had better listen: if you are one of the 75% of the general population that does this, it’s not if your accounts are going to be compromised, it’s when.
Here are the hard facts:
Taken from SecurityWeek on Aug 16, 2010 (Read the full article here)
Study Reveals 75 Percent of Individuals Use Same Password for Social Networking and Email
According to a week-long study conducted by Internet security company BitDefender, over 250,000 user names, email addresses, and passwords used for social networking sites can easily be found online. The study also revealed that 75 percent of social networking username and password samples collected online were identical to those used for email accounts.
The sensitive user data was gathered from blogs, torrents, online collaboration services and other sources. It was found that 43 percent of the data was leaked from online collaboration tools while 21 percent of data was leaked from blog postings. Meanwhile, torrents and users of other social hubs were responsible for leaking 10 percent and 18 percent of user data respectively.
People I know have fallen prey to this. People I know have lost money because of this. It’s time for YOU to take charge and be sensible about your online security.
Ok, so that’s the shock treatment over. If you are one of the many who have fallen into this bad habit, don’t stress; it’s easy to change a few key passwords and follow good practices from here on in (start with your main email account). If you already have fairly sound password habits, read on anyway to see how I manage this and for some useful tips (feel free to add your own tips in the comments section).
First things first: it is impossible to remember multitudes of strong passwords, which is why 75% of people don’t… There are several good ways to handle this; the way I do it is to use a password manager.
So your first port of call is to find one that works well for you. There are hundreds; I’ve used several and settled on KeePass, which is not only open source but also cross-platform. In layman’s terms, it’s free and open to peer review (which means less chance of malicious code), and it runs on Linux, Mac, Windows and some mobile platforms too.
EDIT: I’ve heard a few folks recommend LastPass; check it out as an alternative (https://lastpass.com/).
You’ll need to choose a nice strong password for your password manager. This is probably a good time to share the following two videos with some great tips:
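To make the two points above concrete (generate passwords you never have to remember, and find the reuse that the BitDefender study describes), here is a small added example in Python. It is not from the original post and is not KeePass or LastPass code: it draws a random password from the operating system's CSPRNG via the standard `secrets` module, gives a rough entropy estimate, and audits a constructed list of account/password pairs for reuse and weakness. The account list and passwords are made up for the demonstration.

```python
import math
import secrets
import string
from collections import defaultdict

# Character pool for generated passwords: letters, digits and punctuation.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_password(length: int = 20) -> str:
    """Return a random password of `length` characters drawn with `secrets`,
    which uses the OS cryptographic RNG (never use `random` for this)."""
    if length < 12:
        raise ValueError("use at least 12 characters")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(password: str) -> float:
    """Rough upper-bound strength estimate: length * log2(pool size), with the
    pool inferred from the character classes present. This is only accurate
    for randomly generated passwords; a dictionary word or a name plus a year
    can score well here while still being trivially guessable."""
    pool = 0
    if any(c.islower() for c in password):
        pool += 26
    if any(c.isupper() for c in password):
        pool += 26
    if any(c.isdigit() for c in password):
        pool += 10
    if any(c in string.punctuation for c in password):
        pool += len(string.punctuation)  # 32 symbols
    if pool == 0:
        return 0.0
    return len(password) * math.log2(pool)


def audit_accounts(accounts, min_bits: float = 60.0):
    """Given (service, password) pairs, return two things:
    - reused: {password: [services]} for every password used on more than one
      service (the 'same password for email and social networking' problem)
    - weak:   sorted list of services whose password scores below `min_bits`"""
    by_password = defaultdict(list)
    for service, password in accounts:
        by_password[password].append(service)
    reused = {pw: sorted(svcs) for pw, svcs in by_password.items() if len(svcs) > 1}
    weak = sorted(svc for svc, pw in accounts if entropy_bits(pw) < min_bits)
    return reused, weak


# Constructed sample data for the demonstration (not real accounts).
SAMPLE_ACCOUNTS = [
    ("email", "Fluffy2010"),
    ("social-network", "Fluffy2010"),
    ("online-bank", "Fluffy2010"),
    ("forum", "password1"),
    ("work-vpn", "T7#vQ9!mLp2$xR4wZe&k"),  # a manager-generated password
]


if __name__ == "__main__":
    reused, weak = audit_accounts(SAMPLE_ACCOUNTS)
    for pw, services in reused.items():
        print(f"reused on {len(services)} services: {', '.join(services)}")
    print("weak passwords on:", ", ".join(weak))
    print("replacement suggestion:", generate_password(20))
```

Run against the sample list, the audit reports "Fluffy2010" shared by email, online-bank and social-network, and flags all four human-chosen passwords as weak while the 20-character generated one passes. The entropy score is deliberately a sanity check rather than a verdict: the right fix is to let the manager generate every password and to spend your memory on a single long master password.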
Now go and change those passwords!