We need your help now

Support from readers like you keeps The Journal open.

You are visiting us because we have something you value. Independent, unbiased news that tells the truth. Advertising revenue goes some way to support our mission, but this year it has not been enough.

If you've seen value in our reporting, please contribute what you can, so we can continue to produce accurate and meaningful journalism. For everyone who needs it.

Corrie Barkllmore/Flickr
own worst enemy

Your biggest security problem isn't whether you'll get hacked or not

It’s using the same password for all of your accounts.

FOR THE MAJORITY of people, account safety doesn’t amount to anything more than having a password and username.

Yet that doesn’t mean many people decide to use strong passwords. There’s certainly no shortage of bad passwords out there, you would hope most people know not to use ones like ’123456′ or ‘password’, but a different problem has come into sharp focus in recent weeks: reusing the same passwords for most or all of your accounts.

We do this because of convenience and the sheer number of accounts we have active means remembering numerous passwords for all accounts isn’t feasible. But the worrying part is how old or dormant accounts can come back to haunt you.

In recent weeks, we’ve seen the likes of MySpace, Tumblr, LinkedIn, and Twitter experiencing situations where username/email/password lists have been leaked or put up for sale.

It’s not unreasonable to suggest that lists for other services will follow shortly and if you’re thinking that you won’t suffer much since you haven’t touched your MySpace account since 2008, that’s not where the damage could occur.

Those old accounts are likely a backdoor for current apps you use like Facebook, Instagram, and Snapchat. If you used a password for one account, the likelihood you use the same one for other accounts is rather high.

In fact, those who have the intention to take over accounts, for ransom or other reason, are counting on this as it allows them to compile lists for other sites.

It’s something the hacker who is selling LinkedIn, Myspace and Twitter passwords practically admitted to in an interview with Wired. When asked what was their own use for these passwords and how they could make more by selling the data, they said:

Well, [the] main use is for spamming. There is a lot of money to be made there, as [well as] in selling to private buyers looking for specific targets. As well, password reuse – as seen in recent headlines of account takeovers of high profile people. Many simply don’t care to use different passwords which allows you to compile lists of Netflix, Paypal, Amazon, etc. to sell in bulk (50K/100K/etc).

What it sets up is a domino effect. It’s also unlikely you’ve changed your email and since the majority of services require a email/password login, there’s nothing to stop an automated program from entering them in.

Also, don’t underestimate the amount of information you have in any one account as it could include sensitive info you have forgotten about.

Domino Effect TheGiantVermin / Flickr TheGiantVermin / Flickr / Flickr

Steps to stay safe

There are other factors that determine whether you’ll be targeted by someone or not, but you shouldn’t assume that you’re safe. Here are the basics to improving your security.

- Activating two-step authentication is the easiest way to add an extra layer of security without much effort. Anytime you try to log in to an account, a random code is to you via SMS or through a specialised app like Google Authenticator or Authy. All major services offer this so you’ve no excuse not to activate it.

- The next step is to change all your passwords to something different and more complex. Remember, the longer the better (multi-word phrases are a good way of doing this) and mix it up with capital letters, numbers and characters.

- The easiest way to follow through with the last tip is to start using a password manager like Sticky Password1Password, and Dashlane. At this point, having one is a necessity if you place any value on security.

These are useful as it only requires you to remember one master password meaning you can make your account passwords extremely complex without having to remember them. Some are free but all of them offer a paid subscription service for extra features. It is worth it though.

stickypassword / YouTube

- Another major weakness are apps or services you’ve signed up to briefly but stopped using. If you haven’t touched an account in six months, then you’re likely better off getting rid of it entirely. Chances are you’re not going to be doing anything with it in future.

- If you can’t remember what services you’ve signed up to, check both your downloaded apps list (found in App Store and Google Play) to see what apps you’ve used in the past. Likewise, go into your email account and search for specific terms like “welcome to” so you can find sign up emails (all apps and services send them when you join a service).

Read: You should take down this smartphone code when you get the chance >

Read: Somebody is trying to sell almost 33 million Twitter passwords on the dark web >

Readers like you are keeping these stories free for everyone...
A mix of advertising and supporting contributions helps keep paywalls away from valuable information like this article. Over 5,000 readers like you have already stepped up and support us with a monthly payment or a once-off donation.

Your Voice
Readers Comments
    Submit a report
    Please help us understand how this comment violates our community guidelines.
    Thank you for the feedback
    Your feedback has been sent to our team for review.