Public service warning: beware password reuse

[borjam]

I am sure all of us have heard of this on many places but it's worth having a notice posted here. 

 

In the last years there have been several high profile intrusions in popular (and important) Internet services. Adobe and Dropbox to mention two of them. The intruders got a huge database of usernames and passwords.

 

The problem is, those usernames are often email addresses and most users reuse those passwords in other accounts. Which is very bad news for the user especially if the compromised password is used for the email account.

 

I mean: Imagine your email address is justme@gmail.com. You registered on Adobe and you used the same password. That means that the guys who stole the passwords from Adobe may have the password of your email account.

 

Maybe some of you have received a message from a place called https://haveibeenpwned.com warning abou the breach. The site I link is legit and you can check wether a username with your email address has been compromised. Note that, despite clueless news reports, your actual email account hasn´t been compromised unless you reused the same password.

 

The site promotes 1Password, which is a very good password manager, but Mac OS X has a decent password manager built in as well.

 

Now, the advice.

 

First: Do not reuse passwords. Nowadays there are good password managers. 

 

Second: If you need to reuse passwords, make sure that each one of your important accounts have a unique (and good!) password. Which ones are the important ones? Any account linked to financial data, credit cards, software licenses, or, of course, email accounts. Email accounts can be used for password recovery in other sites, so email security is critical. 

 

Third: If you are reusing passwords begin changing them right now. Prioritize according to the previous recommendation. Email, banks, Amazon, eBay, Paypal, etc.

 

You can also use the same website to check wether a password was found somewhere. It won't reveal the accounts to which it's linked, but it's a good way to know at least how unique the password is. 

 

 

[Rick Reineke]

 I never use the same password and currently have 170 entries in Password Safe, which I've using for quite few years now. "Password Safe allows you to safely and easily create a secured and encrypted user name/password list. With Password Safe all you have to do is create and remember a single "Master Password" of your choice in order to unlock and access your entire user name/password list."

It can also create passwords with user settable parameters..

I imported the data file to StrongBox  to use on my iOS device.