Are You Reusing Passwords? That’s a Bad Idea
The modern world has a problem: pretty much everything we do requires an account and an associated password for that account.
On the one hand, that’s great when it comes to financial transactions or databases that have your personal information.
On the other hand, it’s absolutely terrible when you need an account and password to pay for water, electricity, and phone/internet bills.
This unfortunate reality of the system means that we’re constantly having to create new passwords, which also tends to mean that we just reuse passwords over and over again.
It’s definitely a big problem that we deal with, as it adds a ton of fatigue and massive security gaps that could see us lose a lot.
To that end, it’s never a good idea to reuse passwords, so let’s look at what types of password reuse exist, why they’re a problem, and how you can try and fix the issue at a personal level.
Types of Password Reuse
A lot of people tend to think that password reuse mostly just means using the same password over and over again, but the truth is more nuanced than that.
For example, reusing the same words with an incremental number change is absolutely password reuse.
If your password is Boating111 and then, when prompted to change it, you use Boating112, well then congratulations, you’ve just reused your password!
Another example is using the same password but with small or minor variations. Again, taking the example above, if you reset your password from Boating112 to Bo@ting112, you’re still reusing the password, albeit in a very slightly more secure way. You still shouldn’t do it, though.
Probably the most egregious form of password reuse is using the same exact password for a variety of different websites. Even worse, if you just have one password that you use on all your websites, then you’re leaving yourself open for some real problems down the line.
Another similar example is using old passwords on new accounts that don’t have password limitations that stop you from reusing old passwords.
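The reuse patterns described in this section can be checked for mechanically when a password is changed. The following is an added example, not part of the original article: a sketch of a check that flags a new password as an exact reuse, a number-suffix change, or a character-substitution variant of an earlier one. The function names and the substitution table are assumptions made for this illustration, and it assumes the old and new passwords are both available in the clear at change time.

```python
import re

# Look-alike substitutions mapped back to the letter they replace.
# Constructed for this example; not an exhaustive list.
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "$": "s", "5": "s", "7": "t"})


def split_base(password):
    """Split off trailing digits/symbols: 'Boating112' -> ('Boating', '112')."""
    match = re.match(r"^(.*?)([\d\W_]*)$", password, re.S)
    return match.group(1), match.group(2)


def skeleton(password):
    """Lower-cased base word with substitutions undone and the suffix dropped."""
    base, _ = split_base(password)
    return base.lower().translate(LEET)


def classify_reuse(old, new):
    """Return 'exact', 'numeric-suffix', 'variant', or None if unrelated."""
    if new == old:
        return "exact"
    old_base, old_suffix = split_base(old)
    new_base, new_suffix = split_base(new)
    # Same word, only the trailing number changed (Boating111 -> Boating112).
    if old_base == new_base and old_suffix.isdigit() and new_suffix.isdigit():
        return "numeric-suffix"
    # Same word once case, symbol swaps and suffixes are ignored
    # (Boating112 -> Bo@ting112). An empty skeleton carries no signal.
    if skeleton(old) and skeleton(old) == skeleton(new):
        return "variant"
    return None


def find_reuse(new, previous_passwords):
    """List every earlier password the new one reuses, with the kind of reuse."""
    hits = []
    for old in previous_passwords:
        kind = classify_reuse(old, new)
        if kind is not None:
            hits.append((old, kind))
    return hits


if __name__ == "__main__":
    # Sample passwords taken from the article's own examples.
    for old, new in [("Boating111", "Boating112"),
                     ("Boating112", "Bo@ting112"),
                     ("Boating112", "GrillPlaneFox")]:
        print(f"{old} -> {new}: {classify_reuse(old, new)}")
```

A check like this only catches the patterns it has been told about, so it complements rather than replaces generating a fresh, unrelated password each time.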
The Risks Involved
So what exactly are the issues here when it comes to password reuse?
Well, primarily the problem is that modern hacking tools have become exceedingly fast and sophisticated, and even something like a secure browser isn’t 100% safe.
Minor changes such as adding a symbol instead of a number, or using incrementally increasing numbers are truly no longer a challenge to most hacking tools.
In fact, there’s a type of attack called brute force, which simply tries as many alphanumeric string combinations as possible.
This problem is compounded if a previous password has somehow leaked or been found out. At that point, it requires relatively little effort to simply plug that into a hacking tool, and let it try every iteration with minor changes. That sort of hack can take minutes to discover your new password.
Similarly, password reuse from leaks poses a problem when it comes to using old passwords, even ones that are many years old, on new systems. Just because a password is several years old doesn’t mean that a hacker won’t put that in the list of brute-forced passwords to try out.
In fact, because so many people tend to do this, there are leaked password lists that hackers can download and plug into their brute-forcing software of choice.
It’s also for this reason that reusing one password over several accounts is a problem because once it’s been leaked all the associated accounts are compromised.
Finally, a lot of people tend to not use good antivirus software, and at that point, even the best password isn’t going to do much.
Cutting Yourself Some Slack
Before we make you feel bad, the truth is that the overall system is very much broken.
Everything nowadays tends to require some sort of password, from very important things like banking details to minor things like paying a utility that shouldn’t even require an account in the first place.
This not only fatigues people to no end, but it also causes them to cheat a little when it comes to making accounts. After all, what’s the harm in using the same password for minor things like grocery shopping or paying utilities? It’s not like they’re at the same level as banking details, right?
Well, the problem there is that people tend to not vary their passwords that much, so if one of those ‘minor’ account passwords leaks, it’s very likely that they’re similar enough to the major accounts that they’re also compromised.
Another issue is that companies and websites will regularly ask you to reset passwords, sometimes even as often as once a month.
This is another way the system is broken because most human beings simply don’t have the time or the inclination to be constantly making and memorizing passwords for possibly dozens of websites.
Again, this tends to make people constantly reuse passwords over and over again, either through simply adding iterations or minor changes, or outright using the same exact passwords several times over several accounts.
How to Fix the Problem
Well obviously, the quickest and easiest way to fix the reuse password problem is to use a password manager. That way you only really need to create a single strong password as a master pass, and not ever use it for anything else again.
Since most password managers have a password generation function, it’s great for creating passwords, even when you’re asked to reset your password often.
Another thing you can do is not think of it as a password but rather as a passphrase. That’s to say, instead of using one word or a string of alphanumerical characters, use three or four words that you’re going to remember.
For example, “GrillPlaneFox” would be a passphrase to which you can then add numbers and characters for some extra complexity.
Passphrases are really useful since they are much easier to remember than a random string of letters and numbers. Not only that, but they’re actually just as secure as, if not more secure than, an 8 or 12 character password.
In fact, with modern processing power, you’d need 16 characters before your password started being actually secure.
Another thing you should try to layer on top of both of those is having a good general sense of your own security and doing your best to keep your information secure. There are several types of open-source privacy tools that you can use to keep yourself safe and well informed.
Besides that, the only other solution is to use any influence to change the password reset policy. For the most part, a reset every year is more than enough for pretty much any use, and allowing more characters for passwords is always going to be good.