There was a scare recently in a field I work in – whether a hoax or not, a hacker claimed to have all the usernames/passwords from a particular site.
That’s not an unfamiliar story – some sites are sloppy and almost deserve to be hacked (not that I wish harm on their members but those owners must always do their very best to be secure – sloppy definitely isn’t good enough); some sites are maybe unlucky and become the unfortunate victims of some 3rd party vulnerability.
The other, equally familiar, story was the panic of people saying, “shit, I use that password for my online banking, I need to go change it”.
Ok, I dramatised that. But it’s 100% true that a lot of people panicked because they had the same password they used for the hacked site in many other places. Paypal accounts, clickbank accounts, twitter, facebook, their blog.
I can’t think of the term right now, I’m too old and un-hip (though I do know about planking and flashmobbing (some PG content in that one)) but it’s where someone leaves their facebook or twitter account logged in and a friend, family member or work colleague posts masquerading as them. Several of my friends have changed sexual orientation and they were the last to know!
If you have different passwords everywhere then you have damage limitation – if they hack one account, there’s no reason to be worried about your other accounts (unless you stored all your passwords in a notepad file somewhere someone got access to!)
This is an affiliate link – use it or go direct but do get this product – roboform or something similar. Depending on your circumstances there are different versions (free and paid). My version is on a dongle that I can take anywhere and also includes online backup should I lose my passwords. It easily generates random secure passwords like xLr4!R7C^KdW – you couldn’t remember that if I typed it in front of you, much less guess it. But with roboform the other advantage is that you don’t type your password in – keeping you safe even if you had an undetected keyboard-logger trojan on your computer.
If you don’t get roboform, at the very least use a system for creating a different password for each site. If your facebook password was kokatie99ob, nobody is likely to spot that it follows an easy-to-remember pattern: it’s fairly unguessable and it’s fairly unlikely that someone would spot the pattern and use it to hack your other accounts – though they might. (That one always uses katie99, plus the last 4 characters of the site name in reverse order, 2 in front and 2 behind.)
To be honest, the latter suggestion is much better than the same easy password everywhere, but nowhere near as good as having true random passwords.
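To make the comparison concrete, here is an added Python example (my own code, not anything from the post or from roboform) that does three things: generates a truly random password with the operating system’s cryptographic random source, reproduces the “katie99” site-name pattern described above so you can see it is just a fixed rule, and checks a list of site/password pairs for reuse. The character set, the 12-character length and the sample vault are assumptions of mine, chosen to match the xLr4!R7C^KdW sample; the post itself names none of them.

```python
import math
import secrets
import string
from collections import defaultdict

# Assumed alphabet: letters, digits and a few symbols, the kind of set a
# password manager draws from (the post does not specify one).
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*"


def random_password(length: int = 12) -> str:
    """Build a password from the OS CSPRNG via `secrets`.

    `random.choice` is deliberately avoided: it is seeded from predictable
    state and is not suitable for secrets.
    """
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def pattern_password(site: str, core: str = "katie99") -> str:
    """The memorable scheme from the post: take the last four characters of the
    site name, reverse them, put two before the fixed core and two after.
    For "facebook" this yields "kokatie99ob"."""
    tail = site.lower()[-4:][::-1]
    return tail[:2] + core + tail[2:]


def random_entropy_bits(length: int = 12) -> float:
    """Entropy of a random password: log2 of the number of possible strings.
    With a 70-symbol alphabet and 12 characters that is about 73.6 bits."""
    return length * math.log2(len(ALPHABET))


def pattern_secret_bits_after_leak() -> float:
    """Once one pattern-built password has leaked, every other site's password
    is fully determined by the (public) site name, so no secret bits remain.
    A random password from the vault shares nothing with the leaked one."""
    return 0.0


def sites_sharing_password(vault: dict) -> list:
    """Return groups of sites that use the same password, so a user can see
    which accounts would fall together if any one of them were breached.
    `vault` maps site name -> password."""
    by_password = defaultdict(list)
    for site, password in vault.items():
        by_password[password].append(site)
    groups = [sorted(sites) for sites in by_password.values() if len(sites) > 1]
    return sorted(groups)


if __name__ == "__main__":
    # Constructed sample vault; "hunter2" is the reused weak password.
    sample_vault = {
        "bank": "hunter2",
        "paypal": "hunter2",
        "facebook": pattern_password("facebook"),
        "blog": random_password(),
    }
    print("pattern password for facebook:", pattern_password("facebook"))
    print("random password:", random_password())
    print("random entropy bits: %.1f" % random_entropy_bits())
    print("sites sharing a password:", sites_sharing_password(sample_vault))
```

Run it and the reuse check reports `[['bank', 'paypal']]`: those are the accounts that would both be lost if either site were breached, which is exactly the damage the post is telling you to limit.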
If someone hacks one account, they do limited damage. If they hack one of your social accounts they could not only embarrass you, they could trick your friends into all kinds of things – how would you ever recover from that!
And if they hack your paypal or other important accounts…
People online are too casual, too careless, too trusting or too unlucky – whatever the excuse, thousands of accounts get hacked every day. Chances are it will happen to all of us at some point, even the most careful. All the random passwords in the world won’t mean a thing if someone hacks into a site you use through a vulnerability – make sure the only damage you suffer is the loss of that account!