This site uses cookies to improve your experience and to provide services and advertising. By continuing to browse, you agree to the use of cookies described in our Cookies Policy. You may change your settings at any time but this may impact on the functionality of the site. To learn more see our Cookies Policy.
OK
Dublin: 6 °C Sunday 8 December, 2019
Advertisement

Your biggest security problem isn't whether you'll get hacked or not

It’s using the same password for all of your accounts.

Image: Corrie Barkllmore/Flickr

FOR THE MAJORITY of people, account safety doesn’t amount to anything more than having a password and username.

Yet that doesn’t mean many people decide to use strong passwords. There’s certainly no shortage of bad passwords out there, you would hope most people know not to use ones like ’123456′ or ‘password’, but a different problem has come into sharp focus in recent weeks: reusing the same passwords for most or all of your accounts.

We do this because of convenience and the sheer number of accounts we have active means remembering numerous passwords for all accounts isn’t feasible. But the worrying part is how old or dormant accounts can come back to haunt you.

In recent weeks, we’ve seen the likes of MySpace, Tumblr, LinkedIn, and Twitter experiencing situations where username/email/password lists have been leaked or put up for sale.

It’s not unreasonable to suggest that lists for other services will follow shortly and if you’re thinking that you won’t suffer much since you haven’t touched your MySpace account since 2008, that’s not where the damage could occur.

Those old accounts are likely a backdoor for current apps you use like Facebook, Instagram, and Snapchat. If you used a password for one account, the likelihood you use the same one for other accounts is rather high.

In fact, those who have the intention to take over accounts, for ransom or other reason, are counting on this as it allows them to compile lists for other sites.

It’s something the hacker who is selling LinkedIn, Myspace and Twitter passwords practically admitted to in an interview with Wired. When asked what was their own use for these passwords and how they could make more by selling the data, they said:

Well, [the] main use is for spamming. There is a lot of money to be made there, as [well as] in selling to private buyers looking for specific targets. As well, password reuse – as seen in recent headlines of account takeovers of high profile people. Many simply don’t care to use different passwords which allows you to compile lists of Netflix, Paypal, Amazon, etc. to sell in bulk (50K/100K/etc).

What it sets up is a domino effect. It’s also unlikely you’ve changed your email and since the majority of services require a email/password login, there’s nothing to stop an automated program from entering them in.

Also, don’t underestimate the amount of information you have in any one account as it could include sensitive info you have forgotten about.

Domino Effect Source: TheGiantVermin/Flickr

Steps to stay safe

There are other factors that determine whether you’ll be targeted by someone or not, but you shouldn’t assume that you’re safe. Here are the basics to improving your security.

- Activating two-step authentication is the easiest way to add an extra layer of security without much effort. Anytime you try to log in to an account, a random code is to you via SMS or through a specialised app like Google Authenticator or Authy. All major services offer this so you’ve no excuse not to activate it.

- The next step is to change all your passwords to something different and more complex. Remember, the longer the better (multi-word phrases are a good way of doing this) and mix it up with capital letters, numbers and characters.

- The easiest way to follow through with the last tip is to start using a password manager like Sticky Password1Password, and Dashlane. At this point, having one is a necessity if you place any value on security.

These are useful as it only requires you to remember one master password meaning you can make your account passwords extremely complex without having to remember them. Some are free but all of them offer a paid subscription service for extra features. It is worth it though.

Source: stickypassword/YouTube

- Another major weakness are apps or services you’ve signed up to briefly but stopped using. If you haven’t touched an account in six months, then you’re likely better off getting rid of it entirely. Chances are you’re not going to be doing anything with it in future.

- If you can’t remember what services you’ve signed up to, check both your downloaded apps list (found in App Store and Google Play) to see what apps you’ve used in the past. Likewise, go into your email account and search for specific terms like “welcome to” so you can find sign up emails (all apps and services send them when you join a service).

Read: You should take down this smartphone code when you get the chance >

Read: Somebody is trying to sell almost 33 million Twitter passwords on the dark web >

  • Share on Facebook
  • Email this article
  •  

About the author:

Quinton O'Reilly

Read next:

COMMENTS (6)