Using a different password for every login is an important part of overall security and doesn't have to be difficult.
Is it safe to have the same password for all of my email accounts? If one has an account in Yahoo! mail, Gmail, rediff mail, etc., and sets the same password for all of them, will it be easier for a hacker or phisher to find out about it?
Using different passwords is much safer than using one password everywhere, because hackers know that most people don't take the trouble to set that up.
And they know that we typically have more than one account.
I'll admit it, I'm lazy. And when it comes to trying to manage multiple passwords, I'd bet money that most people are as well.
One password everywhere is so much easier. It's easier than even the easiest password management system. It just is.
It makes our life easy not to have to remember and not to have to use any special tools to remember for us.
The problem is that it makes hackers' lives easier too.
Hackers know that people find it easier in general to have one password everywhere.
Hackers also know that people generally have more than one account.
So hacking a single account can act as a foot in the door and lead to all sorts of mayhem.
Quite often, it's easy to guess that if a person logs in with username X and password Y on a system like Yahoo! mail, they're likely to reuse both username X and password Y on other systems like Gmail, or just about any system that they might be likely to use.
But by breaching one account, hackers are also often given clues that'll let them easily access other accounts.
For example, your Facebook login is your email address and some password. Well, if they've hacked your email address and you use the same password everywhere, they now know how to log in as you on Facebook.
Account confirmations and notifications are also frequently sent via email. What that means is that your hacked email account might contain many clues as to just what other accounts that you might have.
If you use the same password everywhere, it's easy sailing for the hacker to then quickly try those out and log in as you all over.
Hacks can happen through no fault of your own. You could be maintaining perfect security and still end up compromised.
Consider all of the places where you have online accounts. Now, let's assume that the one with the weakest, poorest security gets hacked, and the contents of its entire username/password database are stolen, with your information in it.
You just got hacked and it wasn't your fault.
If you're using one password everywhere, the hackers now know it.
The bottom line is that using one password everywhere is a risk that you simply shouldn't allow.
At a minimum, use unique passwords for your important accounts - like banking and other financially related activities.
And don't forget that all of your email accounts are "important accounts", particularly if they can be used for password recovery on other accounts. All that a hacker might need to do is get your email account, then run over to some other account and request a password reset to be emailed to that account, which they now control.
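To see how far one stolen password database can reach, here is an added example (not part of the original article) that audits your own account inventory: it follows both password reuse and email-based password resets from one breached site. The account names, passwords and the `recovery` field are constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed sample inventory (made-up names and passwords, not real data).
# "recovery" is the email account that receives password resets for a login.
ACCOUNTS = [
    {"name": "forum", "password": "tiger123", "recovery": "webmail"},
    {"name": "webmail", "password": "tiger123", "recovery": None},
    {"name": "social", "password": "S0cial!pass", "recovery": "webmail"},
    {"name": "bank", "password": "k7#Wq9vLx2Rd", "recovery": "workmail"},
    {"name": "workmail", "password": "c0rrect-h0rse", "recovery": None},
]


def blast_radius(accounts, breached):
    """Return every account exposed once `breached` leaks its password."""
    same_password = defaultdict(set)  # password -> accounts using it
    resets_via = defaultdict(set)     # mailbox -> accounts it can reset
    password_of = {}
    for acct in accounts:
        password_of[acct["name"]] = acct["password"]
        same_password[acct["password"]].add(acct["name"])
        if acct["recovery"]:
            resets_via[acct["recovery"]].add(acct["name"])
    if breached not in password_of:
        raise KeyError(f"unknown account: {breached}")

    reached, queue = {breached}, deque([breached])
    while queue:
        current = queue.popleft()
        # Reuse: the leaked password also opens every account sharing it.
        # Recovery: an exposed mailbox can reset every account pointing at it.
        exposed = same_password[password_of[current]] | resets_via[current]
        for nxt in exposed - reached:
            reached.add(nxt)
            queue.append(nxt)
    return reached


if __name__ == "__main__":
    for acct in ACCOUNTS:
        print(acct["name"], "->", sorted(blast_radius(ACCOUNTS, acct["name"])))
```

In this inventory a leak at the low-value forum exposes the webmail and social accounts too, while the bank stays isolated because its password and its recovery mailbox are both unique.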
I have an admittedly imperfect system (I did say I was lazy). I have "tiers" of passwords. I use the same password on several unimportant accounts. But for anything marginally important, I go the unique and complex route.
Whenever I talk about giving each login a different password, I get people who object (often strongly): "This makes no sense at all, no way am I going to remember all those passwords, especially if you're going to insist that they're complex on top of everything else".
You don't have to.
For example, I don't know my online banking password. I just don't. Who's going to remember something like yFK86jk8q45B? (And no, that's not it ... I said something like...).
Yet I use my account frequently.
Let your computer do the remembering for you.
Both create secure databases of your login IDs and passwords, and store them so that only you can get at them with your single password. (And yes, that password needs to be strong and memorable.)
Both ease the entire process of logging in by filling in the user ID and password for you - you don't even need to know what they are.
Both use strong encryption to keep your password database secure on your machine(s). Both also support synchronizing or accessing that database across multiple machines and mobile devices.
And both enable you to use different and strong passwords on every site you care to use.
Which should be most.