Here at Leapfrog we really, really, really want you to use unique passwords. So much so that we’re hoping you forgive us for the headline and take our advice. Mega breaches call for mega action!
Breaches are out of control, so if you’re using the same password for more than one account, it’s like slapping a big target on your cyberspace forehead that says “steal my stuff.” Here’s how to remove the target — and who isn’t sexier without a target on their forehead?
At the end of last month, for example, a new T-Mobile data breach exposed two million customer records. But you may not have heard about the breach — most of us have gone news-blind when it comes to breaches unless they’re spectacularly large. As a reality check, here’s a quick recap of some of the biggest breaches over the past few years:
- Yahoo, 2013-14. Impact: 3 billion user accounts
- Adult Friend Finder, October 2016. Impact: 412.2+ million accounts
- MySpace, June 2013. Impact: 360 million accounts and 427 million passwords
- Exactis, June 2018. Impact: 340 million records
- Under Armour, March 2018. Impact: 150 MyFitnessPal app users
- eBay, May 2014. Impact: 145 million users
- Equifax, July 2017. Impact: 143 million consumers
- LinkedIn, 2012. Impact: 117 million accounts
- Target Stores, December 2013. Impact: 110 million people
- Uber, late 2016. Impact: 57 million Uber users and 600,000 drivers
- JP Morgan Chase, July 2014. Impact: 76 million households and 7 million small businesses
- US Office of Personnel Management (OPM), 2012-2014. Impact: 22 million current and former federal employees
And those are just some of the reported breaches. You can bet your bottom lily pad many breaches were not disclosed or were not big enough to report on. Every time you try to log in to an account and have to create a new password, that’s a hint the database may have been compromised.
It would be nice to think that your personal accounts have not been and never will be compromised. But that’s highly, highly unlikely.
Why you need to use unique passwords every time
You cannot count on companies to keep your data safe. Sometimes they do a lousy job. Other times they do exactly what they’re supposed to do but the hackers find a way around it. The best you can do to protect your identity (and your net worth) is to create a strong, unique password for each and every account so if one account is compromised, it’s the only one you need to worry about.
For example, there was a lot of news about TeamViewer last month, but it wasn’t hacked after all. Account holders suffered anyway: data thieves used passwords stolen in other hacks to gain access to TeamViewer user accounts, which gave them access to the users’ financial accounts, which in turn allowed them to buy stuff with users’ money. That’s how the process works.
Cybercrooks have sophisticated software that runs your stolen login information through other websites looking for a match, a technique known as credential stuffing.
So, while it’s tempting to use the same password for accounts that “don’t really matter,” like random shopping sites or social media sites you never use, if you’ve associated any personal information with that account, like your real name, email address or, gasp, a credit card number, you’ve got a big target on your cyber forehead.
Stop sabotaging yourself with these four password habits
1. Stop using the same password on more than one account.
We made the point above. Hackers feed off of lazy people.
2. Stop using short passwords.
Don’t make it easy for them. Password-cracking tools can run thousands of options in seconds. Use long passwords of at least 14 characters and don’t bother making them up yourself — use a password generator. Bookmark the generator and use it every time you need to create a password.
3. Stop trying to remember passwords or invent ways to keep track of them.
No one can do this effectively when they’re changing habits #1 and #2. Use a password manager. They securely store your passwords and come with built-in password generators — click, click, done. You just remember one master password and you’re golden.
4. Stop pretending you’re too busy to use two-factor authentication.
No one is that busy. It takes 10-15 seconds at most to have a six-digit code sent to your phone so you can enter it. And it sure beats spending countless hours on the back end, opening new accounts and filling out paperwork trying to get your stolen money back. And whenever you can use biometric authentication instead of a password, do it.
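To check habits #1 and #2 against your own accounts, here is an added example (not part of the original post) that audits a list of account/password pairs for reuse and for anything under 14 characters, then replaces the flagged entries with generated passwords. The sample vault, account names and function names are constructed for illustration.

```python
import secrets
import string
from collections import defaultdict

MIN_LENGTH = 14  # minimum length recommended in habit #2
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*-_=+"

# Constructed sample standing in for a password-manager export.
SAMPLE_VAULT = [
    ("shop.example", "Summer2018!"),
    ("mail.example", "Summer2018!"),       # same password as shop.example
    ("bank.example", "t7#Vq9!mLz2&Wx4p"),
    ("forum.example", "frogs"),
]

def audit(vault, min_length=MIN_LENGTH):
    """Return (reused, short): groups of accounts sharing one password,
    and accounts whose password is shorter than min_length."""
    by_password = defaultdict(list)
    for account, password in vault:
        by_password[password].append(account)
    reused = sorted(sorted(a) for a in by_password.values() if len(a) > 1)
    short = sorted(acct for acct, pw in vault if len(pw) < min_length)
    return reused, short

def generate(length=20):
    """Build a password with the OS CSPRNG (secrets), never random.random."""
    if length < MIN_LENGTH:
        raise ValueError(f"use at least {MIN_LENGTH} characters")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def remediate(vault):
    """Return a new vault where every reused or short password is replaced
    by a freshly generated one; compliant entries are left untouched."""
    reused, short = audit(vault)
    flagged = {acct for group in reused for acct in group} | set(short)
    return [(acct, generate() if acct in flagged else pw) for acct, pw in vault]

if __name__ == "__main__":
    reused, short = audit(SAMPLE_VAULT)
    # Report account names only; never print the passwords themselves.
    for group in reused:
        print("Same password on:", ", ".join(group))
    print("Shorter than", MIN_LENGTH, "characters:", ", ".join(short))
    fixed = remediate(SAMPLE_VAULT)
    print("Findings after remediation:", audit(fixed))
```

A flagged entry only counts as fixed once the new password has also been set on the site itself and saved in your password manager.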
When you change these four habits once and for all, hopefully this can be the last post you read about passwords for a long time.