Updated: 02 Aug 2013
I come across this problem daily, clients, friends and family using weak passwords for logins to various user accounts on and off the web. Not only this, I see them using the same one for multiple different services… I cannot stress how dangerous this combination is. I tell you now, and you better listen, if you one of 75% of the general population that does that, it’s not if you going to have your accounts compromised, it’s when.
Here are the hard facts:
Taken from SecurityWeek on Aug 16, 2010 (Read the full article here)
Study Reveals 75 Percent of Individuals Use Same Password for Social Networking and Email
According to a week-long study conducted by Internet security company BitDefender, over 250,000 user names, email addresses, and passwords used for social networking sites can easily be found online. The study also revealed that 75 percent of social networking username and password samples collected online were identical to those used for email accounts.
The sensitive user data was gathered from blogs, torrents, online collaboration services and other sources. It was found that 43 percent of the data was leaked from online collaboration tools while 21 percent of data was leaked from blog postings. Meanwhile, torrents and users of other social hubs were responsible for leaking 10 percent and 18 percent of user data respectively.
People I know have fallen prey to this. People I know have lost money because of this. It’s time for YOU to take charge and be sensible about your online security.
Ok so that’s the shock treatment over. If you one of the many that have fallen into this bad habit, don’t stress, it’s easy to change a few key passwords and follow good practises from here on in. If you already have fairly sound password habits, read on anyway to see how I manage this and for some useful tips.
But how to remember all these passwords?
First things first. It is very hard to remember multitudes of strong passwords without some help. This is why 75% of people don’t…Here a couple of easy ways to keep track of multiple strong passwords:
a) Use a pattern that you can easily replicate and remember, but that still ensures you have unique and strong passwords for your accounts.
b) Use a password manager
So your first port of call is to decide what option works best for you. If you have few key passwords that you’ll need to remember then option A is probably the way for you. If you have many, like me, option B is the best or perhaps it’s a combination of both.
A) Choosing secure passwords
The following article is an excellent reference for leaning how to choose secure passwords that you can easily remember.
Here is a video explaining the basics, but I’d recommend reading the article as it gives a more in-depth explanation and good examples.
B) Password managers
For my password manager (or password “safe”) I use Keepass, it’s open source and cross platform. You can download it here: http://keepass.info/download.html
I also use DropBox to keep a copy of my password manager database on my Android phone. This means I have my passwords no matter where I am!
There many password managers out there and you’ll need to find one that suits your needs. I’d recommend that you choose a password manager that allows you to export your data into an open standards format of sorts (like xml or csv) in case the worse happens and the software or service is no longer available.
If you looking for a commercial solution, I’ve heard a few folks recommend LastPass which you could check out as an alternative here, https://lastpass.com. I believe they have a free option too.
Important! You’ll need to choose a nice strong password for your password manager. Keep this safe, if you loose it, it’s gone with all your other passwords. If needed, write it down and lock the password away somewhere safe. (Think of it as the “spare” key to a important room or safe full of documents).
And that’s it. You just done the single biggest thing you can to keep yourself safe online.
Highly recommended reading:
This is the link to the first part of the article I linked to above. The article has three pages covering the threat of weak passwords, creating strong unique passwords that are easy to remember and finally how to have your web browser manage your passwords for you.
A recent article by the well known security writer, Bruce Schneier detailing the threat and how to combat it.