Why You Should Never Reuse Your Passwords

Posted on Dec 19, 2018 by Sean Doyle

One thing we all have in common is that we don’t like to memorize a multitude of different passwords for all of our online accounts. It’s not easy to remember multiple passwords, so reusing the same password is a solution of convenience. However, reusing your passwords is also a very big security risk and something we should all stop doing right away.

Reusing Your Password is Risky

Let’s say you reuse the same password for Amazon, Facebook, and Gmail. If one of these services (or another service you use) is breached and your reused password is compromised, cybercriminals will have outright access to all of your accounts. They’ll be able to make purchases with your Amazon account using your saved credit card, sign into your Facebook account, and use your email account however they see fit. They can also change the passwords, and it will be difficult for you to recover your stolen accounts.

If you think it’s never going to happen to you, you’re probably wrong, and it’s probably already happened. Breaches occur all the time, and files containing billions of hacked passwords have already been found floating around the Dark Web. In 2016 alone, more than 500 million passwords were leaked when LinkedIn, Twitter and Myspace were hacked, and in 2014 around 5 million Gmail accounts and passwords were found uploaded on a Russian forum.

What hackers and cybercriminals do with compromised information depends on the situation. Some of them sell the data they obtain on the Dark Web, some steal accounts, and others resort to email scams to blackmail people for money. In one of the most prolific email scams of 2018, cybercriminals used leaked passwords to scare victims into paying them, sending messages that appeared to come from the victim’s own email account. The messages contained the password of the email account and insisted that the owner pay them to avoid having their data sent to their family, friends, and colleagues. This caused a panic among the online community, and it also shows why reusing your passwords is a really bad idea.

Passwords are not only obtained following a breach; they can also be obtained through phishing scams and websites, keyloggers, and malware. In addition, there are tools that hackers can use to crack passwords, although a strong password that contains special characters, combined with two-factor authentication, often thwarts such attempts.

Best Practices for Password Security

Here are some things you can do to secure your online accounts:

  • Use unique passwords – Reusing your passwords exposes you to additional vulnerabilities that you have no control over.
  • Use special characters – Don’t use common passwords like Password1 or 12345678. Use a mix of numbers, letters, and special characters such as !@#$% to make your password harder to crack.
  • Change your password frequently – With enough time, hackers may be able to crack your password, no matter how strong it is. Because of this, it is recommended to change your passwords at least every 5 to 6 months.
  • Don’t make passwords personal – It’s not hard for a hacker to find your personal information and use it to crack your passwords. To foil password cracking attempts, don’t use any personal information, such as your dog’s name, in your passwords.
  • Use two-factor authentication (2FA) – Account takeover attempts can be stopped with two-factor authentication. Two-factor authentication provides an extra layer of defense beyond your password.

As long as passwords are the primary gateway to your sensitive and indispensable information, it is important to use best password practices to keep your online accounts secure.

Note from editor: If you find it difficult to remember many different passwords, you may find a password manager very useful. To learn more, check out “Why You Should Use A Password Manager”.

About Sean Doyle

Sean Doyle has been involved in the cybersecurity industry for many years and has written for several publications. Twitter: @Botcrawl
