Why Password Reuse is a Bad Idea

Password reuse is an issue that I seem to battle with constantly. Password reuse is, just as the name implies, using the same username and password combination for more than one website. I understand why people are prone to do this but I would like to take a few minutes to explain why it is a bad horrible idea.

It seems logical to reuse your password. After all, passwords are hard to remember and supposed to be kept secret. This logic makes perfect sense except for one scenario: What happens when you lose control of your password?

Imagine for a minute that you have followed my past advice. You have picked your complex, difficult to remember password and committed it to memory. It is 16 characters long and no one is going to guess it because you have mixed case, numerals, and special characters. You feel very comfortable with your uber-secure password and start making the rounds on the Internet. You change your passwords for online banking, email, Facebook, and Amazon.com as well as your work email and user accounts. You make them all the same, after all this is a really good password. You continue on this route, signing up for online forums, webmail, coupons, and a shady shopping site and use the same password. Everything is great, no one is going to hack you! Your password is unguessable!

One day, one of these sites get compromised. It might be a forum, email, or that shady shopping site. It might be the coupon site you signed up for and forgot all about. In any case, your ONE uber-secure password is now out in the open. Did you notice that? I put an emphasis on ONE. I did that for a reason.

It should not be difficult to figure out what happens next. Your information is out and the gig is up. The bad guys now have access everything you secured with that password. Everything! They can drain your bank account and credit cards or impersonate you on Facebook and email. You now have to scramble to change your password on every site. Unfortunately, you probably will not find out you have lost your password until something bad has happened. It could be money missing from your bank account or someone impersonating you through email and Facebook. Had you simply used different passwords for each account then you would be safe, having only lost control of the single compromised account.

Hopefully this post will help you understand why reusing passwords is a bad idea. In a sense, it is even worse than using a simplistic password. As always, comment below if this was helpful.

Google, Facebook, and 2FA

Wouldn’t it be great if there was a way to enhance the security of your Facebook and Google accounts? How about a way that makes it much more difficult for your Facebook or Google account to be hacked? What if it was easy to use?

Good news! The answer to all of the questions above is yes!

Recently, Google and Facebook rolled out two-factor authentication (2FA as we geeks like to call it). It’s easy to use and makes it significantly more difficult for your account to become compromised. Who wants to have to explain to their grandma why they sent her a raunchy email or photograph? Not me, that’s why I’m recommending you go enable 2FA on your social media accounts right now. So what is 2FA?

As I said, 2FA stands for two-factor authentication. The normal username/password login sequence we are all familiar with would be considered single factor authentication. You are only asked to provide one secret, a password, in order to access a protected resource. With two-factor authentication, you are asked to provide two secrets in order to access your account. So where does the other secret come from? Your cell phone!

Here is how a 2FA works when logging into your Facebook account. You go to the Facebook login page and enter your username and password as normal.

Next, you are asked to enter a security code. The security code is in a text message sent to your cell phone.

That is all there is to it. You just saw what a 2FA Facebook logon looks like. See, I told you it would be easy. The security code changes each time you login to your account making it more powerful than using only a password. Google account 2FA works almost identically to Facebook.

You can enable 2FA in your Facebook account by going to Account Settings(it’s on the right) and clicking on the Security link (it’s on the left). Look for the Login Approvals option. On your Google account, go to Account Settings and find “Using 2-step verification.”

I hope everyone who reads this starts using 2FA. Leave a comment below if you found this helpful.

Control your facebook privacy!!!

Two new facebook privacy tools are available. Both tools are open source and help you get control of your facebook privacy settings.

ReclaimPrivacy.org
This website provides an independent and open tool for scanning your Facebook privacy settings. The source code and its development will always remain open and transparent.
http://www.reclaimprivacy.org/


SaveFace
SaveFace™ by Untangle® is a simple-to-install bookmark utility that, when invoked, automatically changes your Facebook® settings so that only your Friends can see your information.
http://www3.untangle.com/saveface