Almost every month we hear about popular websites getting hacked and their customer data leaked. This includes email addresses and passwords. When was the last time you changed your password?
People are creatures of habit, particularly when it comes to technology. Passwords are a prime example. Many of us use the same logins for multiple websites and applications because we don't have a photographic memory and it's just so easy to use a simple password! Many people aren’t aware that this is one of the most significant security dangers they can face online. It has a simple fix too.
Every month there are stories about major companies being hacked, their customer data stolen, and their customers left stranded. Hackers commonly use data stolen from one site to access others where login credentials have been reused between accounts. In some cases, access to bank accounts has been gained simply by using a compromised email account.
The Danger Of Old Passwords
MySpace is a key example of why old and possibly forgotten services pose a security danger when passwords haven't been regularly changed. Once a thriving popular network, the use of MySpace services declined drastically from 2007 onwards. While many people moved to Facebook, old accounts typically remained abandoned on their servers. Hundreds of millions of accounts remained on MySpace servers many years past the company's peak.
In 2016, MySpace suffered a data leak which exposed usernames, emails, and passwords of 360 million user accounts. Shortly after the hack, these details were published on the dark web for anyone to see. Many were used to access email accounts, servers, and accounts that shared the same details.
Even if you have never had a MySpace account or don't use any social networks, how many unique passwords do you have for all your other websites? Many people have dozens or even hundreds of accounts on social media, forums, online games, utility providers, and banks. Most use the same password everywhere and never change it.
Good security practice is to use a unique and strong password for every login you use. A strong password should include, where possible, capital letters, lowercase letters, numbers, and symbols. It is impractical or even impossible to remember passwords like this, but using them is entirely achievable with a password manager! A password manager makes storing, retrieving, and using unique passwords easy.
When using a password manager, you only need to remember a single strong password to access a database which contains a different login password for each service. This database can be synced between multiple devices and saved and backed up to the cloud, and the password manager can even create strong passwords for you.
The single password should be really hard to guess (please don't use "Password123"!) and be protected with Two-Factor Authentication (2FA). 2FA is an extra layer of security that requires not only a username and password but also something that the user has on them. Some companies send you a confirmation email when you try to log in, and you can only do so if you click on a link in the email. Others often require a one-time code sent to your cellphone. This practice makes it almost impossible for an attacker to gain access to your accounts unless they also have, for example, your phone. Needless to say, 2FA is a must for the password manager!
One of the most popular password managers is LastPass. It has been around for more than a decade, has never been hacked and is used by millions of people. It can be quite complicated to set up but there are plenty of tutorials online. Here is a good one! If you still struggle, we can, of course, help you out.
The maximum recommended lifetime of a password for any service is a single year. Make the start of the new financial year the time at which you refresh your passwords and start anew.