Jump to content
borjam

Public service warning: beware password reuse

Recommended Posts

I am sure all of us have heard of this on many places but it's worth having a notice posted here. 

 

In the last years there have been several high profile intrusions in popular (and important) Internet services. Adobe and Dropbox to mention two of them. The intruders got a huge database of usernames and passwords.

 

The problem is, those usernames are often email addresses and most users reuse those passwords in other accounts. Which is very bad news for the user especially if the compromised password is used for the email account.

 

I mean: Imagine your email address is justme@gmail.com. You registered on Adobe and you used the same password. That means that the guys who stole the passwords from Adobe may have the password of your email account.

 

Maybe some of you have received a message from a place called https://haveibeenpwned.com warning abou the breach. The site I link is legit and you can check wether a username with your email address has been compromised. Note that, despite clueless news reports, your actual email account hasn´t been compromised unless you reused the same password.

 

The site promotes 1Password, which is a very good password manager, but Mac OS X has a decent password manager built in as well.

 

Now, the advice.

 

First: Do not reuse passwords. Nowadays there are good password managers. 

 

Second: If you need to reuse passwords, make sure that each one of your important accounts have a unique (and good!) password. Which ones are the important ones? Any account linked to financial data, credit cards, software licenses, or, of course, email accounts. Email accounts can be used for password recovery in other sites, so email security is critical. 

 

Third: If you are reusing passwords begin changing them right now. Prioritize according to the previous recommendation. Email, banks, Amazon, eBay, Paypal, etc.

 

You can also use the same website to check wether a password was found somewhere. It won't reveal the accounts to which it's linked, but it's a good way to know at least how unique the password is. 

 

 

Share this post


Link to post
Share on other sites

 I never use the same password and currently have 170 entries in Password Safe, which I've using for quite few years now. "Password Safe allows you to safely and easily create a secured and encrypted user name/password list. With Password Safe all you have to do is create and remember a single "Master Password" of your choice in order to unlock and access your entire user name/password list."

It can also create passwords with user settable parameters..

I imported the data file to StrongBox  to use on my iOS device.

 

Share this post


Link to post
Share on other sites

Here’s a good guide to personal online security.

 

I use Bitwarden ($10 USD a year) to store and sync passwords between my laptop and phone.¹ Combined with the HTTPS Everywhere browser extension, and using two-factor authentication whenever possible, I haven’t had a security crisis in a long while.

 

1. I migrated last month from the leading password manager LastPass and I think Bitwarden is miles better.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...