Password Re-use – Why you Need a Website Password Manager

Re-used password wraning

I use the same password on all my accounts – I can’t remember different passwords for each one

A recent survey done by SecureAuth Corp and Wakefield Research found that 81% of the people interviewed used the same password on more than one account. That number rose to 92% among Millennials, 36% of whom also revealed that they re-used the same password on more than 25% of their online accounts.

Those are shocking numbers. Why?

A lot of people are making life a lot easier for the hackers.

A distraught personIf a hacker successfully hacks one of your accounts they’re going to try the same credentials on all your other accounts. If you’ve used the same password across all of them your life is about to become very unpleasant.

Not only does this put your entire online life at risk, it also makes you a bad net citizen because you’re making it easy for the cyber-criminals.

It compares in the real world to leaving your house unlocked with all the windows open – an invitation too good to turn down for the thieves, who will also take a good look at other homes in the neighbourhood. That won’t please your neighbours..!

In my experience, though, those numbers at the top are low. I can tell you that almost 100% of the customers I have worked with in my business use the same password for all their accounts. One or two of them vary one character occasionally, but that’s all.

Again: if you use the same password across more than one account the hackers only need to guess it once. Thereafter, they have access to every account where you’ve used the same password

Password strength: it’s all about the length (of the password)

Making your accounts exponentially more secure is simple: add one (just one) character to your password.

Password strength is, quite simply, all about mathematics.

I’ve used this example elsewhere, but I repeat it here with a bit more detail because it’s important to understand the concept:

There are 88 characters available to you with which to create a password. They are:

  1. Letters – both upper- and lower-case (52)
  2. Numerals (10)
  3. Symbols (26)

In order to get access to your account the correct password characters must be entered and in the correct order.

So, if you create a password with one character the hackers will need up to 88 attempts to guess it.

Mathematics on a blackboardIf you add just one character, making it a 2-character password, the hackers will need up to 7,744 attempts (88 X 88). This makes your password 88 times stronger than before.

If you add another character, to make it a 3-character password, then it becomes 7,744 times stronger than the 1-character password (up to 681,472 attempts required).

However, the hackers are extremely smart people, and they use very clever computer programs to attempt to guess login details (these are called brute force attacks). Those computer programs can make many millions of attempts per second.

So I use at least 13 characters in my passwords.

The number of attempts required to guess a 13-character password takes even the most powerful computers so long that it isn’t worth the effort. They pack up and move on.

But, however strong your password is, the instant you use it on another account it’s no longer secure.

As soon as the scammers have discovered one of your passwords they will try it, and variations of it, on all your accounts.

So each of your online accounts must have a unique password.

I can’t remember unique 13-character passwords for each of my accounts..!

I know. That’s why you need a password manager.

There are around 10 password managers on the market and here’s what the best ones do:

  • Remember the login page and details for each of your accounts
  • Log you in securely with one click
  • Automatically save your login details for each new account you create
  • Generate random passwords for you to assign to each of your accounts (and remember them!)
  • Find duplicated passwords
  • Fill in your data on forms – e.g. billing and delivery details when you’ve bought something online
  • Synchronise your login details across all your devices so you can login on any device from anywhere

This gives me tremendous peace of mind: I have long, unique passwords on every single one of my accounts and I can access all of them from anywhere, on any of my devices.

In conclusion…

I have used Roboform as my password manager since 2006 – it does everything I need. It does all of those things I listed above and I wouldn’t be without it.

I reviewed Roboform here.

If you do a search you will find around 10 password managers in total (including Roboform and LastPass). I do strongly recommend that you get one and stop using the same password across different accounts!

Important: most of the hacking attempts online are carried out by bots (computer programs). You can make your site more resistant to hacks, thereby causing the bots to turn their attention elsewhere, but no website is ever 100% secure, so you must have a recovery plan.

More on that in this article.

If you have any questions do please leave a comment below and I’ll get back to your as soon as I can 🙂

Cheers,

Martin Malden

Martin Malden
Owner – WP Security Basics

P.S. Is your WordPress website as secure as it could be? Take a look at the WordPress security products I have reviewed (I use all of them and I’d be happy to answer any questions you may have):