News / Using the same password across all accounts? You need to stop right now
Using the same password across all accounts? You need to stop right now
17 July 2017 |
Using the same password for multiple accounts makes it easier for hackers to compromise your accounts and steal your money.
Keeping a unique and complex password for each social media account will go a long way in securing your privacy and your money.
Large businesses have often been blamed for jeopardising customer data by failing to secure their databases or by not implementing the latest cyber security practices. While this is largely true, today's hackers can still gain access to people's sensitive details without having to break into large servers.
Why are hackers so successful?
There are two reasons for this. Firstly, despite years of warning, a large chunk of social media users continue to use easy-to-guess and common passwords in all their accounts, whether business or personal. This year, the most commonly used passwords so far are 123456, 123456789, Qwerty, 12345678, 111111, 1234567890, 1234567 and 123123, same as last year. And the year before.
Secondly, what may seem as music to hackers' ears is that a bulk of internet users are using the same passwords for all their online accounts. This is largely because an average internet user uses dozens of social media, gaming, online shopping, and banking accounts, making it impossible for him to remember every single password. However, what's bad about this approach is that if hackers are able to breach one of his accounts, they can use the same credentials to breach the rest of them.
'If a hacker managed to crack one password, they could use it to hijack an email account, steal personal data and even target your family, friends, and work. The most commonly used method for this is a phishing attack, where the hacker sends fake emails from your real account, pretending to be you," says Thomas Fischer, threat researcher and security advocate at Digital Guardian.
According to The Telegraph, 28-year old Kristy Jasper saw £3,800 stolen from her business account by hackers and was later told by the police that the hackers succeeded because she used identical passwords for numerous accounts including PayPal, Amazon, LinkedIn, Facebook and a website used to buy office supplies. The report adds that a typical online user has 26 online log-ins.
What are the techniques that hackers commonly use?
A free online software named 'credentials stuffers' is a boon for hackers. If a hacker is able to obtain your logins by tracking your social media interactions or succeeding in infiltrating your device, he can use this software to determine what other websites can be accessed by using the same credentials.
Hackers also employ 'brute-force attacks' to crack passwords. This technique involves using computer programmes to systematically check many combinations of common words and numbers, to guess a password.
However, the most commonly-used attack vectors are phishing and social engineering. Hackers can get you to click on malicious links by posing as one of your service providers or a large corporation. Lately, hackers are also using vulnerabilities in connected devices' software to gain access to user logins.
How can you deter hackers from gaining access to your logins?
Using complex password combinations for different accounts will go a long way in ensuring that hackers will not be able to second-guess your passwords. Not using the same password for all of your accounts will also prevent hackers from breaching all of your accounts using readily available software like credentials stuffers.
'By using a longer, more complex “passphrase” instead of a password, we can make it exponentially harder for hackers to break. If a password takes too long to crack, hackers will simply move onto the next batch,' says Eduard Meelhuysen, Head of EMEA at Bitglass.
Professor Pam Briggs, chair in applied psychology at Northumbria University, suggests that in order to remember your passwords, you may choose three random words and put them together, making it easier to remember without writing it down. Not storing your passwords in your smartphone or desktop and writing them down on a piece of paper will also ensure that they are not stolen or breached.
'Password security used to be all about creating impossible passwords that were very difficult to remember, and now we do appreciate that it's much more important to create passwords that people are able to remember,' she said.