Multiple logins are hard enough to remember. To prevent password reuse, you are going to need the help of a password manager.
The growing list of passwords
How many logins to online platforms are you currently juggling? Over 20 and there is a fair chance you will have started to reuse the same one. This is a ‘no no’ if following best practice, but for most of us it’s the only way to remember the 8 digit alpha numeric sequence of characters. So how do we manage when we get to over 150 logins, which is starting to become the norm? Is it possible not to use the same one? Enter the Password Manager.
A basic password manager
A Password Manager (PM) in its most basic form is an app or program that securely stores your login details from a website. Imagine a small database with a lock. You remember the password to the database, and it remembers the passwords for everything else. Once you have that concept, we can then add more functionality.
Password Automation
PMs will not only record your passwords but also fill in your username and password in the appropriate login screen. This is great as you don’t even type the password, which prevents someone looking over your shoulder. In this case, all they would see is ********. Most browsers like Chrome, Edge & Firefox also have this basic functionality built in. Watch for a pop up asking “Do you want to save this password?” To see a list of your saved passwords look under the browser settings.
Remember, if you use or share a public computer, you do not want the browser to save any passwords.
Unique passwords
When asked to create a password for a website, using a specific array of characters, we tend to use something we are likely to remember. Often this means using the same password for multiple sites. If this password is compromised, each site where this username / password combination is used is also compromised.
To reduce password re-use, let the password manager create a random password for you. This will often be a lengthy, complex password that would be hard to recall, but with the correct set up of a PM you won’t need to remember it at all. You either let the PM enter the details, or you ask the PM to show you the password. Copy and paste works well at this point to eliminate finger error.
An alternative method to unique passwords comes from the often referenced XKCD cartoon, which is easy to understand but even now has its critics. Just don’t use the example as a password like many have done!
Security
Considering the consequences of someone gaining access to your newly created list of passwords, security in password managers is paramount, as is the security of that master password. The one to rule them all.
Make it hard to guess and don’t write it down. There is much debate about the best passwords to have and which are easy to crack. The general rule here is don’t use anything connected to your personal details (birthday, anniversary, child’s name etc) as Facebook gives most of those details away for free to anyone browsing.
2 Factor authentication (2FA)
2FA is using a second form of identification rather than just the password, to ensure the person logging in is the real owner. This can add another hoop to jump through, but there are ways to utilise this only when things don’t look right.
If you regularly use the same browser and PC from the same location, you can make use of 2 factor authentication only when the login to the website is from another browser, IP address, or entirely new location like overseas. Then 2FA kicks in and sends your mobile phone a code to use to confirm it is really you.
Tiered security
If you must re-use passwords, and I’ll admit it is hard not to, then create tiered security. Allocate all your logins to one of three tiers. Top level security you use for banks, financial institutions, and very secure details. Never re-use passwords here.
Middle level security, try to minimise any re-use unless it’s hard to change. You should only have a handful of sites that use this password which could include online shopping sites and email accounts. It’s worth changing this password fairly regularly.
Low level security where (if you must) you can re-use passwords, for sites like your gardening website, blogs, Netflix, or the library. Being compromised here doesn’t allow access to any level higher or anything of value. Low security websites are also good targets for hackers to compromise as the money invested in security is also usually low. Hackers expect to gain a list of username / passwords here, then try the combination at the banks which, if you have followed the above, won’t be an issue for you.
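The three-tier rule described above can be checked mechanically. The following is an added example, not part of the original article: it groups logins by password and flags the re-use the scheme forbids. The tier names, the (site, tier, password) record layout and the sample entries are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

TIERS = ("top", "middle", "low")  # assumed names for the three tiers above

def fingerprint(password: str, key: bytes) -> str:
    """Keyed digest so passwords can be grouped without keeping plaintext around."""
    return hmac.new(key, password.encode("utf-8"), hashlib.sha256).hexdigest()

def audit_reuse(logins):
    """logins: iterable of (site, tier, password). Returns a sorted list of findings."""
    key = secrets.token_bytes(32)  # per-run key; fingerprints are useless afterwards
    groups = defaultdict(list)
    for site, tier, password in logins:
        if tier not in TIERS:
            raise ValueError(f"unknown tier {tier!r} for {site}")
        groups[fingerprint(password, key)].append((site, tier))

    findings = []
    for members in groups.values():
        if len(members) < 2:
            continue  # unique password, nothing to report
        sites = sorted(site for site, _ in members)
        tiers = {tier for _, tier in members}
        if "top" in tiers:
            findings.append(("FAIL", "top-tier password re-used", sites))
        elif len(tiers) > 1:
            findings.append(("FAIL", "password shared across tiers", sites))
        elif tiers == {"middle"}:
            findings.append(("WARN", "middle-tier re-use, minimise", sites))
        # re-use confined to the low tier is tolerated by the scheme
    return sorted(findings)

# Constructed sample data, not real credentials.
SAMPLE = [
    ("bank.example", "top", "Vq7#mTz2!kLp"),
    ("broker.example", "top", "Vq7#mTz2!kLp"),
    ("shop.example", "middle", "autumn-Lamp-41"),
    ("mail.example", "middle", "autumn-Lamp-41"),
    ("garden.example", "low", "tulips2019"),
    ("library.example", "low", "tulips2019"),
    ("blog.example", "low", "river-Cart-88"),
    ("store.example", "middle", "river-Cart-88"),
]

if __name__ == "__main__":
    for level, reason, sites in audit_reuse(SAMPLE):
        print(f"{level}: {reason}: {', '.join(sites)}")
```

The low-tier pair sharing a password produces no finding, while the blog and store logins fail because a low-tier breach would expose a middle-tier account.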