Want to reduce the risk of getting whacked by ransomware and other cyber horrors?

Answer: Reset your passwords.

More specifically, reset all your passwords so you’re not reusing a password across different websites, financial accounts, or wherever else you use passwords on the Internet.

Why? Because weak and reused passwords increase the chances that bad guys will steal your money or try to extort you.

And the chances of this happening rise dramatically the weaker your password is and the more it’s replicated across different accounts and websites.

I know personally that it’s dangerous because I have seen this happen to someone. In that case, the person was threatened* with ransomware (see notes at bottom).

Google made the case recently about the danger of reusing passwords (The Verge). And last year Google published the results of a poll showing that “52 percent reuse the same password for multiple (but not all) accounts.”

I asked some experts who basically drove home this point.

“Reusing the same or a slightly changed password across accounts is a huge source of risk,” Lujo Bauer, CyLab faculty member and professor in the Electrical and Computer Engineering department at Carnegie Mellon and an author of a study that is summarized here, told me in an email.

“If — really, when — one site gets breached and the passwords used on that site are stolen, attackers can — and do — try using the stolen passwords to log on to other sites as well,” he said.

He added this: “Supposedly this is how Mark Zuckerberg’s Twitter and Pinterest accounts were hacked.”

Bauer suggests, as does Google, that you use a password manager if you find it too challenging to keep track of lots of strong passwords across multiple sites.

People fall into the cognitive dissonance trap when setting their own password policy

Gerald Beuchelt, Chief Information Security Officer, LogMeIn, told me that “cognitive dissonance prevails” when people establish their own password-use policies. In other words, what you may tell others to do, you won’t do yourself.

“Some of the most common ways people are leaving themselves vulnerable online is by using weak, easy to crack passwords, and then re-using those same passwords on their other online accounts,” Beuchelt told me in an email, echoing Google and Carnegie Mellon’s Bauer.

He cited a study from LastPass that said:

“53% of respondents haven’t changed their password in the last 12 months even after hearing about a breach in the news.”

“Taking just a few simple steps to improve your password behavior can lead to a significant increase in your online security,” Beuchelt told me.

Use the tools that Google provides

Google provides some very good tools that check if your password has been breached and will suggest which passwords are weak.

Use those tools. It may save you from hacked-password hell.

Crothers, Brooke, “Password Safety Reset: If you Do One Thing, Do This – Creating A Safe, Strong Password” Forbes.com July 3, 2020

_______________________________________________________________

For more information on how to create safe and secure passwords, check out John Kalli’s Presentation “How to Create Killer Passwords That Can’t Be Hacked”.