I have a confession, it’s hard to admit and I know it might make me a bit of a social pariah and an outcast in the industry I work in but I need to get this off my chest.
I used a single password for many online services *deep breath* for a long time.
It wasn’t a big deal at first, I only used it on Slashdot, then eBay, then Yahoo!, then Apple, then a plethora of other systems until I simply lost control, plugging the same password into too many websites to count.
It’s just so darn convenient to use one password that I could rattle off in a second on every website I visited, confidently knowing that if I remembered the username or email address used I’d be able to buy something I didn’t need but desperately wanted.
I finally realised I had a problem though when I signed up to yet another service and they emailed me confirmation of my account with my “one online password” just sitting there, cleartext, in the email and had to do something about it.
I turned to my friends and colleagues for support but they were all at it as well, popping the same password into lots of different websites with gay abandon, not worrying about the future consequences.
Years before I fell into this terrible habit, I had an encrypted spreadsheet on my desktop computer where I dutifully stored all my credentials. It wasn’t that secure by today’s standards but worked.
I hardly bought a thing off the Internet so it mostly contained logins to the systems I administered, each password created by either a cunning recipe I’d come up with or random bashing on my keyboard if I needed to relieve some stress.
The aim was to slow down any would-be hacker from being able to brute force access using dictionary attack techniques, allowing me to sleep at night knowing the 50 or so corporate systems protected by my angry keyboard mashing were safe.
Times have moved on though from having a questionably encrypted XSL file, I needed passwords synced across multiple devices including my mobile and tablet and had to come up with a better way of creating new passwords as frequent bouts of maniacal keyboard mashing would surely raise eyebrows in the office.
The solution? A decent password management platform.
I can now create complex passwords with any number of connotations and never have to worry about remembering the output. I can even sync to my other devices when needed so don’t have to worry about having the one version of my password database sitting on my laptop in London when I’m desperately trying to book a flight on BA.com on my iPad from Germany.
The first few months were hard and I faltered a few times at moments of weakness when the desire to book a hotel quickly was more important than going through the rigmarole of resetting the existing password, creating a new one and storing it, but I got there in the end and I’m now clean and away from the steel-like grip of my old habit.
The most shocking part of this woeful tale is how many accounts I now have in my password manager – at last count over 100. Previously if one of the online services I used got popped, the attackers could have gained access to all of them, completely owning my increasing online footprint. Sobering thought.
With the recent spate of accounts being breached at companies I don’t need to mention, maybe now is a good time to take a step back and rethink your password habits.
Stop trusting other companies to protect your password and give them one that you’ll use nowhere else so if they do get breached, you’ve significantly reduced your risk of further exposure.
If you don’t already use one, make the right decision and download a password manager today.
Here are a few to get you started:
What are your tips for password safety? Leave a comment below.
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.