What is Password Re-Use?
When you create a new login, do you typically use the same password, or a variation on another password you use? If so, your online identity is at risk! It’s understandable–it’s common for users to have 100+ online identities, each with its own username and password. It’s not surprising that users have trouble keeping track of all these distinct credentials. Read on to understand why this isn’t a good security practice, and how to use a password manager to improve your password hygiene.
Understanding the Risks of Password Re-Use
Whenever you create a password for an online account, you’re trusting the operator of that site to store that secret securely. Unfortunately, it’s extremely common for even major companies to store passwords using insecure methods that allow the original passwords to be easily recovered and then used to perform further mischief. It’s impossible to be sure how securely your credentials are stored until it’s (often) too late–the site has been breached, and all too often unsecured or poorly secured passwords are harvested and put up for sale on the dark web.
Passwords discovered in one breach can then be used by cybercriminals to compromise other accounts associated with the same user. This increasingly common cyberattack method is known as credential stuffing. These days, attackers can use automated tools to test hundreds of stolen credentials per minute against other platforms, potentially taking over other accounts and gaining access to valuable information.
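Credential stuffing leaves a recognizable trace on the defender's side of a login form. The following is an added example, not part of the original article: it scans an authentication log for a single source trying many different usernames, mostly unsuccessfully, inside a short window, and reports which accounts that source got into. The log format, thresholds and sample lines are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds for illustration; tune them to your own login traffic.
WINDOW = timedelta(seconds=60)
MIN_USERS = 10          # distinct usernames tried by one source inside WINDOW
MIN_FAIL_RATIO = 0.8    # stuffing runs fail most of the time

def parse(line):
    """Parse 'ISO-timestamp source-ip username OK|FAIL' (constructed format)."""
    ts, ip, user, result = line.split()
    return datetime.fromisoformat(ts), ip, user, result == "OK"

def detect_stuffing(lines):
    """Map each flagged source IP to the accounts it logged in to successfully."""
    recent = defaultdict(deque)   # ip -> (ts, user, ok) events inside the window
    flagged = {}
    for ts, ip, user, ok in sorted(parse(l) for l in lines if l.strip()):
        q = recent[ip]
        q.append((ts, user, ok))
        while ts - q[0][0] > WINDOW:          # expire events older than WINDOW
            q.popleft()
        users = {u for _, u, _ in q}
        fails = sum(1 for _, _, o in q if not o)
        if len(users) >= MIN_USERS and fails / len(q) >= MIN_FAIL_RATIO:
            # A success in a flagged window likely means a re-used password.
            flagged.setdefault(ip, set()).update(u for _, u, o in q if o)
    return {ip: sorted(hit) for ip, hit in flagged.items()}

def sample_log():
    """Constructed log: a stuffing source, a forgetful user, a one-account guesser."""
    t0 = datetime(2024, 5, 1, 10, 0, 0)
    def row(sec, ip, user, res):
        return f"{(t0 + timedelta(seconds=sec)).isoformat()} {ip} {user} {res}"
    lines = [row(3 * i, "203.0.113.7", f"user{i:02d}", "OK" if i == 7 else "FAIL")
             for i in range(12)]            # 12 different accounts in 33 s, one hit
    lines += [row(5 * i, "198.51.100.20", "bob", r)
              for i, r in enumerate(["FAIL", "FAIL", "OK"])]   # mistyped twice
    lines += [row(2 * i, "192.0.2.50", "carol", "FAIL")
              for i in range(15)]           # many failures, but a single account
    return lines

if __name__ == "__main__":
    print(detect_stuffing(sample_log()))
```

Only the first source is flagged; the user who mistypes a password and the source hammering a single account fall below the distinct-username threshold. The accounts returned are the ones to prioritize for a forced password reset.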
Mitigating the Risk: Use a Password Manager
The solution to the problems posed by password re-use lies in maintaining strong, unique passwords for each account, but remembering dozens (hundreds?) of complex passwords can be daunting. This is where password managers come into play. Password managers make password re-use irrelevant by remembering your passwords for you–you simply need to securely authenticate to the password manager. Features to look for include:
- Unique Passwords: A password manager encourages the use of unique passwords as it removes the burden of having to remember each one. You can have a unique, strong password for each of your accounts without the struggle of remembering them all.
- Secure storage: Best-in-class password managers use peer-to-peer storage, where your passwords are stored securely only on devices that you’ve authorized, and never on a central server where they could potentially be compromised. This is an important feature, since password managers are an especially juicy target for hackers looking to get access to the “keys to the kingdom”.
- Automatic Generation: Most password managers offer an automatic password generation feature. This tool can create strong, complex passwords that are far less likely to be cracked by cybercriminals.
- Password auto-fill: Rather than having to look up passwords for each site, password managers have a browser plug-in that will detect what site you’re attempting to log in to, and suggest matching credentials to use.
- Two-Factor Authentication: Some password managers also offer two-factor authentication, providing an additional layer of security. This means that to access your passwords, you would need to provide something you know (your master password) and something you have (like a code sent to your phone, or a TOTP code generated by the app).
Unsure where to start with implementing a password manager? GreenLoop can help! Reach out to your Account Manager for further assistance.