Friday, August 12, 2011

Why Password Reuse is a Bad Idea

Password reuse is an issue that I seem to battle with constantly. Password reuse is, just as the name implies, using the same username and password combination for more than one website. I understand why people are prone to do this but I would like to take a few minutes to explain why it is a bad horrible idea.

It seems logical to reuse your password. After all, passwords are hard to remember and supposed to be kept secret. This logic makes perfect sense except for one scenario: What happens when you lose control of your password?

Imagine for a minute that you have followed my past advice. You have picked your complex, difficult to remember password and committed it to memory. It is 16 characters long and no one is going to guess it because you have mixed case, numerals, and special characters. You feel very comfortable with your uber-secure password and start making the rounds on the Internet. You change your passwords for online banking, email, Facebook, and as well as your work email and user accounts. You make them all the same, after all this is a really good password. You continue on this route, signing up for online forums, webmail, coupons, and a shady shopping site and use the same password. Everything is great, no one is going to hack you! Your password is unguessable!

One day, one of these sites get compromised. It might be a forum, email, or that shady shopping site. It might be the coupon site you signed up for and forgot all about. In any case, your ONE uber-secure password is now out in the open. Did you notice that? I put an emphasis on ONE. I did that for a reason.

It should not be difficult to figure out what happens next. Your information is out and the gig is up. The bad guys now have access everything you secured with that password. Everything! They can drain your bank account and credit cards or impersonate you on Facebook and email. You now have to scramble to change your password on every site. Unfortunately, you probably will not find out you have lost your password until something bad has happened. It could be money missing from your bank account or someone impersonating you through email and Facebook. Had you simply used different passwords for each account then you would be safe, having only lost control of the single compromised account.

Hopefully this post will help you understand why reusing passwords is a bad idea. In a sense, it is even worse than using a simplistic password. As always, comment below if this was helpful.