It seems like every month we hear about a new website that’s been hacked. And the number of usernames and passwords that are being hacked, decoded, and listed for sale on the internet is growing at an alarming rate. Tons of websites have been hacked, allowing your personal information to be sold. Websites we use every day, like LinkedIn and Twitter, have been targets of these attacks. But what’s important to remember is that being hacked once makes you more vulnerable to being hacked again and again, especially if you use the same password on multiple websites.
Using a different password on every.single.website. is one of the most important and easiest things you can do to help keep a hack or breach from ruining your life. Think about it – are your username and password for Twitter the same as for your online banking? If so, that means when your Twitter gets hacked, your bank account gets hacked also. That’s because hackers will take the usernames and passwords from one website and try them on thousands of others.
With all of the social media websites, e-mail accounts, and other websites that we are constantly logging into and signing up for to “try out” and “see if it works” for our business (not to mention games on our iPhones), it may seem like an incredibly daunting task to use a different password for all of these. But it is extremely important. Here’s why: say you sign up for this free new website that lets you edit photos (maybe you don’t need Photoshop, but still want to do basic editing on your listing photos). You try it out, maybe use it a lot or not at all. Then, one day, this free website (which is probably a one- or two-man show, and since it’s free and doesn’t collect credit cards, may not be too secure) gets hacked. It isn’t a big company, so you probably won’t even hear about it in the news or on social media. Meanwhile, the hacker has your e-mail address and password – the same e-mail address and password you use for everything. In a matter of minutes, they could be in your Dropbox, on your Facebook, or in your e-mail account and resetting passwords for all of your online banking.
Now, how do you avoid this risk without going crazy trying to remember all of your passwords? Here’s a trick I use: have a password “system” that changes slightly for each website. You start with a template such as “Website1234!” where the word “Website” changes depending on what website you’re on. For example, on Twitter, you could use “Tweet1234!” or use “Pony1234!” for Wells Fargo. Any easy, simple word or phrase that you’ll remember will do (but NOT the name of the website itself).
Remember, you still want to follow other important password rules, such as not using letters and numbers in simple patterns, and mixing capital and lowercase letters in non-obvious ways. So, for your real passwords, you might use the random number 7290 and decide to capitalize only vowels, for example: “twEEt7290!” for Twitter and “pOny7290!” for Wells Fargo. It looks complicated, but if you use the same pattern and stick to it, this is a great, easy deterrent for online theft. Even if you think it’s easy to figure out, hackers won’t spend the time trying to “crack your code” when there are millions of other people using the exact same password.
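The rules above can be written down and checked in a few lines of Python. This is an added illustration, not part of the original post; the function names and the sample accounts are made up for the example, and the reuse check is assumed to ignore letter case.

```python
VOWELS = set("aeiou")

def apply_pattern(word, number, symbol="!"):
    """The post's example pattern: capitalize only the vowels of the
    per-site word, then append the shared number and a symbol."""
    styled = "".join(c.upper() if c in VOWELS else c for c in word.lower())
    return f"{styled}{number}{symbol}"

def audit(accounts):
    """Check a {site: password} dict against the post's rules.
    Returns (site, problem) tuples; an empty list means every rule holds."""
    problems = []
    seen = {}  # lowercased password -> first site that used it
    for site, pw in accounts.items():
        key = pw.lower()
        # Rule 1: a different password for every website (case ignored,
        # an assumption of this example).
        if key in seen:
            problems.append((site, f"same password as {seen[key]}"))
        else:
            seen[key] = site
        # Rule 2: the word must not be the name of the website itself.
        name = "".join(ch for ch in site.lower() if ch.isalnum())
        if name and name in key:
            problems.append((site, "contains the site name"))
        # Rule 3: mix capital and lowercase letters.
        if pw == pw.lower() or pw == pw.upper():
            problems.append((site, "no mix of upper and lower case"))
    return problems

# Constructed sample data: the two passwords from the post, and a set
# that breaks each rule once.
GOOD = {"Twitter": apply_pattern("tweet", 7290),
        "Wells Fargo": apply_pattern("pony", 7290)}
BAD = {"Twitter": "twitter7290!",
       "Dropbox": "Twitter7290!",
       "Facebook": "pony7290!"}

if __name__ == "__main__":
    for label, accounts in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, audit(accounts) or "no problems found")
```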
There are lots of other great tips out there. But remember, the most overlooked component of a strong password is using a different password for EVERY website. This is crucial!