Reusing Passwords – Why you Should Use a Website Password Manager


I use the same password on all my accounts – I can’t remember different passwords for each one

A recent survey done by SecureAuth Corp and Wakefield Research found that 81% of the people interviewed used the same password on more than one account. That number rose to 92% among Millennials, 36% of whom also revealed that they re-used the same password on more than 25% of their online accounts.

Those are shocking numbers. Why?

A lot of people are making life a lot easier for the hackers.

If a hacker successfully hacks one of your accounts they’re going to try the same credentials on all your other accounts. If you’ve used the same password across all of them your life is about to become very unpleasant.

Not only does this put your entire online life at risk, it also makes you a bad net citizen because you’re making it easy for the cyber-criminals.

It compares in the real world to leaving your house unlocked with all the windows open – an invitation too good to turn down for the thieves, who will also take a good look at other homes in the neighbourhood. That won’t please your neighbours..!

In my experience, though, those numbers at the top are low. I can tell you that almost 100% of the customers I have worked with in my business use the same password for all their accounts. One or two of them vary one character occasionally, but that’s all.

Again: if you use the same password across more than one account the hackers only need to guess it once. Thereafter, they have access to every account where you’ve used the same password.

Password strength: it’s all about the length (of the password)

Making your accounts exponentially more secure is simple: add one (just one) character to your password.

Password strength is, quite simply, all about mathematics.

I’ve used this example elsewhere, but I repeat it here with a bit more detail because it’s important to understand the concept:

There are 88 characters available to you with which to create a password. They are:

  1. Letters – both upper- and lower-case (52)
  2. Numerals (10)
  3. Symbols (26)

In order to get access to your account the correct password characters must be entered and in the correct order.

So, if you create a password with one character the hackers will need up to 88 attempts to guess it.

If you add just one character, making it a 2-character password, the hackers will need up to 7,744 attempts (88 x 88). This makes your password 88 times stronger than before.

If you add another character, to make it a 3-character password, then it becomes 7,744 times stronger than the 1-character password (up to 681,472 attempts required).

However, the hackers are extremely smart people, and they use very clever computer programs to attempt to guess login details (these are called brute force attacks). Those computer programs can make many millions of attempts per second.

So I use at least 13 characters in my passwords.

Working through the number of attempts required to guess a 13-character password takes even the most powerful computers so long that it isn’t worth the effort. The hackers pack up and move on.

So creating a strong password is not about using obscure symbols (the computers know all those). It is all about the length.
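The arithmetic above carried through to 13 characters, as an added example that is not part of the original article. It assumes a randomly chosen password and a guess rate of 10 million attempts per second (an assumed figure standing in for "many millions"); the function names are illustrative.

```python
ALPHABET_SIZE = 88  # the article's figure: 52 letters + 10 numerals + 26 symbols
SECONDS_PER_YEAR = 365 * 24 * 3600


def search_space(length, alphabet=ALPHABET_SIZE):
    """Number of possible passwords of exactly `length` characters."""
    return alphabet ** length


def worst_case_years(length, guesses_per_second, alphabet=ALPHABET_SIZE):
    """Years needed to try every password of this length at a fixed guess rate.

    This is the "up to N attempts" case from the article. It only holds when
    each character is chosen at random; a dictionary word is guessed far sooner.
    """
    return search_space(length, alphabet) / guesses_per_second / SECONDS_PER_YEAR


def min_length_for(years, guesses_per_second, alphabet=ALPHABET_SIZE):
    """Shortest length whose full search takes at least `years` at this rate."""
    length = 1
    while worst_case_years(length, guesses_per_second, alphabet) < years:
        length += 1
    return length


if __name__ == "__main__":
    rate = 10_000_000  # assumed guess rate, not a figure from the article
    for n in (1, 2, 3, 8, 13):
        print(f"{n:>2} chars: {search_space(n):.3e} combinations, "
              f"{worst_case_years(n, rate):.3e} years worst case")
    print("length needed for 1,000,000 years:", min_length_for(1_000_000, rate))
```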

I can’t remember different 13-character passwords for each of my accounts..!

I know. That’s why you need a password manager.

There are around 10 password managers on the market and here’s what the best ones do:

  • Remember the login page and details for each of your accounts
  • Log you in securely with one click
  • Automatically save your login details for each new account you create
  • Generate random passwords for you to assign to each of your accounts (and remember them!)
  • Find duplicated passwords
  • Fill in your data on forms – e.g. billing and delivery details when you’ve bought something online
  • Synchronise your login details across all your devices so you can login on any device from anywhere
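Two of the features listed above, random password generation and finding duplicated passwords, sketched as an added example; this is not code from Roboform, LastPass or the original article. The 26-symbol set, the sample vault and all function names are assumptions made for illustration.

```python
import secrets
from collections import defaultdict

LETTERS = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
DIGITS = "0123456789"
SYMBOLS = "!@#$%^&*()-_=+[]{};:,.<>?/"  # assumed set of 26; the article does not list them
ALPHABET = LETTERS + DIGITS + SYMBOLS   # 88 characters, matching the article's count

# Constructed sample vault: account name -> password
SAMPLE_VAULT = {
    "bank.example": "Sunshine1",
    "mail.example": "Sunshine1",
    "forum.example": "Sunshine1",
    "shop.example": "k7#Lq9!vT2@xZ",
    "games.example": "hunter2hunter",
    "video.example": "hunter2hunter",
}


def generate_password(length=13):
    """Pick each character independently using the operating system's CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def find_reused(vault):
    """Return sorted groups of account names that share the same password."""
    groups = defaultdict(list)
    for account, password in vault.items():
        groups[password].append(account)
    return sorted(sorted(accounts) for accounts in groups.values() if len(accounts) > 1)


def replace_reused(vault, length=13):
    """Return a copy of the vault in which every reused password is replaced
    by a freshly generated one; passwords that were already unique are kept."""
    fixed = dict(vault)
    for group in find_reused(vault):
        for account in group:
            fixed[account] = generate_password(length)
    return fixed


if __name__ == "__main__":
    print("reused:", find_reused(SAMPLE_VAULT))
    print("after replacement:", find_reused(replace_reused(SAMPLE_VAULT)))
```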

This gives me tremendous peace of mind: I have long, unique passwords on every single one of my accounts and I can access all of them from anywhere, on any of my devices.

In conclusion…

I have used Roboform as my password manager since 2006 – it does everything I need. It does all of those things I listed above and I wouldn’t be without it.

I reviewed Roboform here.

If you do a search you will find around 10 password managers in total (including Roboform and LastPass). I do strongly recommend that you get one and stop using the same password across different accounts!

Important: most of the hacking attempts online are carried out by bots (computer programs). You can make your site more resistant to hacks, thereby causing the bots to turn their attention elsewhere, but no website is ever 100% secure, so you must have a recovery plan.

More on that in another article.

If you have any questions do please leave a comment below and I’ll get back to you as soon as I can 🙂

Cheers,

Martin Malden

Owner – WP Security Basics

  • Ian September 21, 2018, 6:44 pm

    Martin,
    I have a password keeper program on my iPhone. It’s called SplashID. It is fine and stores a whole lot of passwords. The issue I have is when a web site asks me for a Pwrd I’ve got to open the SplashID app, find the one I’m looking for, copy it then go back to the web site and paste it in. A hassle. Does your one have smarts to locate the pwrd reqd and fill it in?
    Ian

    • Martin September 21, 2018, 8:34 pm

      Hi Ian,

      The short answer is ‘Yes’.

      That said: I’ve not tried manually navigating to the login page on my hand-held device and then asking Roboform to log me in. If I haven’t used Roboform since the last time my screensaver activated, then I need to log in to Roboform with my Master password before I can do anything. (It locks automatically as soon as the screen saver activates, although you can change that action in the settings).

      On desktop, if I manually navigate to a login page, then Roboform knows where it is and I just need to click the ‘Submit’ button for it to log me in. I’ve never done it that way on my hand-held: when I’m on that device I log in to Roboform, find the passcard I want and tap that. It then takes me to the login page and logs me in. Only one proviso: I use Android, not iPhone, but I cannot see it being any different..!

      Hope that helps, but come back at me if I need to clarify anything!

      Cheers,

      Martin.

  • Rachael September 21, 2018, 11:25 pm

    Hi Martin,

    I used to be guilty of using the same password everywhere. For years – even my bank accounts used the exact same password as my social media accounts, all my random forum accounts, and anything else you can think of. And the best part? It was a single word with no added characters. Of course some sites required an extra number or symbol, and I would reluctantly add something easy enough to remember.

    At some point one of my gaming accounts got hacked. THAT was freaky! I logged in to find all my information had been changed, and was no longer my own. Just dealing with that one account was a major hassle, but it did get dealt with.

    I was a bit more careful after that point. I progressed to using 2-3 different passwords around the net! And adding numbers more often! 😀

    But seriously, last year I finally discovered LastPass and it has literally been a lifesaver for me. It does all the things you mentioned and I find it super convenient because not only am I automatically smarter about password security, but I don’t even have to remember a single password. Except my LastPass password – without that I’d be a bit screwed.

    Cheers,
    Rachael

    • Martin September 22, 2018, 7:08 am

      Hi Rachael,

      I know your gaming account was hacked, and that really shakes you, but you can actually consider yourself quite lucky..!! They could have got your bank accounts, email accounts – everything. It could have been many times worse..!

      I was also hacked in my early days, and I felt totally personally violated – it felt as if they had come into my home and physically trashed everything. Horrible.

      Glad you’re all set up with LastPass now. That is an excellent service 🙂

      Cheers,

      Martin.

      • Rachael September 23, 2018, 3:47 am

        Yes! I do consider myself quite lucky that I got that wake up call when I did. I know it could have been so much worse. I shudder to think if it had been a bank account or email. *SHUDDER*

        Thanks for sharing this stuff, it’s so important!

        • Martin September 23, 2018, 6:42 am

          You’re very welcome – so many are oblivious to the levels of cyber-crime out there (and growing). People generally don’t equate security online with security in real life yet, but it’s just as important. It really is the WWW (Wild, Wild West) 🙂

          Cheers,

          Martin.
