Reusing the same password with multiple services is not good password hygiene. Use a strong password generator and break that habit!
Reusing the same password is not good password hygiene
It's your email. It's your documents. It's your banking, your music, photos and all your contacts. It's your personal, oft' times sensitive information that's at risk, and the chance of it falling into the wrong hands multiplies by magnitudes if you reuse the same password to manage your online accounts. We recommend using a strong password generator to develop good password hygiene.
Reusing the same password with multiple online services is a common bad habit. It's dangerous because once one account is compromised, a domino effect can occur, compromising many of your accounts. We're going to help you break the bad password habit, and develop good password hygiene, with the help of a strong password generator.
Bad password habits put your data at risk
The bad guys target businesses online and businesses are continuously shoring up their defenses in response to the latest attack. Still, it seems like we're regularly hearing about new breaches from high-profile companies and with those breaches, the bad guys pull out reams of personal information about customers including in some cases, passwords.
Those are just the big companies. What may be scarier is the fact that cyber-criminals know that many small and mid-sized companies do not take the same measures a bigger company takes to prevent security holes. This, combined with the fact that people are inclined to re-use the same password on multiple sites makes the small and medium-sized companies good targets; passwords acquired can be the impetus that results in the bad guys gaining access to all your stuff. In one 2018 survey, 67 percent of businesses with less than 1,000 employees were victims of cyberattacks, while 58 percent of respondents reported actually suffering data breaches.
Think about that. Now think about how many times you've used that same played-out password when quickly creating an account. After the possible consequences of that sink in, you may want to check haveibeenpwned.com to see if you've been compromised. Just input your email address and it'll tell you if your account details have been compromised and on which sites.
Be sure to come back and follow these three simple steps so you can get some sleep tonight.
Three simple steps to security
Step one: Get a strong password generator
You're going to want to install a strong password generator application that's notoriously secure and will work across multiple platforms, like 1Password or LastPass. It will free you from having to remember all the passwords you're about to change in step two. You'll only be responsible for remembering one master password... which, we must point out, should absolutely not be stored in your note apps, documents, or email. If you need to write it down, a safe or safety deposit box should have the only copy.
When you're asked to set up your master password, choose one that contains numbers, special characters, and both upper and lowercase letters. Make it something you'll remember, but something that no one else could ever guess. Single-word passwords like names or dictionary terms are weak. Three or more unrelated words strung together with a special character between them are much better example of good password hygiene. For instance, "Pink*Flamingos2Gold*Conversion" is a strong password where “Kermit" isn't. While "Password123!" conforms to common requirements for a secure password, it is anything but.
This hopefully doesn't need to be said: definitely don't use your name, your kid's name, your birthday or anything that could be guessed with a little creeping.
Step two: Reset passwords
Go on a password resetting spree. Make a night of it. Include a bottle of wine. You're adulting here. And because you're a responsible adult, you're going to create a different password for each and every login, including social networks, email, banking, even remote access and VPN apps, then log them with your strong password manager. It might offer to generate them for you automatically. Even better if you're offered the option to set up 2FA (Two-factor authentication). It might seem like a hassle because it's a little more time consuming, but a growing number of apps and sites are implementing it, especially places where you store sensitive information (ex. Evernote). 2FA is stronger, so it's wise to use it whenever possible.
Step three: Separate your personal and work email
If you haven’t previously done so, set up a personal email account separate from your work-related email. For reasons that are probably obvious, you shouldn't sign up for non-work related accounts using your work email address, but just in case you have in the past, you might want to take some time to change your email with those accounts now. And while you're at it, unsubscribe from any newsletters, advertisements or mailing lists that are not related to your job. Also, be aware of password recovery processes. If you have one email account set up as the recovery email for another email service, a breach of one could potentially compromise the other. If it's a primary account where password recovery emails are sent from third-parties, it could quickly spiral out of control. It would be pretty humiliating to face the ire and contempt of your boss and coworkers (and possibly the public) if you were responsible for a breach of data due to your shoddy password practices.
That’s all, folks
That's it! Now that all of your reset passwords live in a strong password generator, the rest is just a matter of being safe going forward and maintaining this good password hygiene.
Be smart about it. Continue to log new passwords. Don't give passwords to shared accounts to anyone online via text, chat or email—it's always best to divulge sensitive account information face-to-face or in a private call. Keep your devices locked with separate passwords because it's impossible to have them on your person at all times.
Be conscientious when using public computers. Computers at schools and libraries make perfect targets for key-loggers because they're usually insecure and used by many throughout the day, so do not log into your accounts while using them. In such a situation, use a service like Guerilla Mail or AirMail that provides disposable email addresses to gain brief access to data or trial periods in order to prevent unnecessary ties to your personal or work accounts. That will minimize the impact if the security of that public computer or business fails.
More ways to keep yourself safe online
Find out how to keep your data safe on free Wi-Fi, how to opt-out of Facebook Messenger accessing your contacts and how to tell whether a communication is a phishing scheme. Now that AI is increasingly being used to create incredibly convincing frauds, here's an explanation of what deepfake scams are and how to protect yourself from them. Stay safe, friends!
