What is password reuse, and why is it a security problem?
Stop Password Reuse
Password Reuse
One of the most common threats – and serious vulnerabilities – is not related at all to software or applications, but rather human beings and our habits: password reuse. Password reuse is a problem where people try to remember multiple passwords for everything they interact with on a regular basis, but instead use the same password on multiple systems, tiers of applications, or even social sites. The vulnerability is in a person’s inability to remember dozens (or even hundreds) of passwords and exploitable using the same one on every account.
The Risks
Once one account is compromised, all of the accounts that share that password become compromised. The more a password is reused, the more opportunities there are for that password to be compromised or stolen. If a website is compromised, hackers will use the passwords and login information on other websites in attempt to gain access to other accounts such as financial websites or email websites. Thus, instead of simply losing access to that one compromised account, you may find yourself dealing with a cascade of issues, with devastating results for your privacy and online security.
Staying Safe
The best way to keep yourself protected online is to use strong, unique passwords for every account. That way, even if your password for one website is compromised, the others stay secure. This is especially crucial when you create accounts for websites that store sensitive or financial data. Admin IT recommends the use of password management tools to generate and save unique passwords for all of your accounts.
Check if you are vulnerable
Troy Hunt’s Have I Been Pwned website maintains a database of username and password combinations from public leaks. These are taken from publicly available breaches that can be found via various sites on the web, or dark web. This database just makes it easier to check them yourself without visiting the sketchier parts of the web.
To use this tool, head to the main Have I Been Pwned? page and search for a username or email address. The results tell you whether your username or email address has ever appeared in a leaked database. Repeat this process to check multiple email addresses or usernames. You’ll see which leaked password dumps your email address or username appears in, which in turn gives you information about passwords that might have been compromised.