Password Tip #2: Unique Passwords
You may have heard this tip before: use a different password for each site/application. Why? Well, the last thing you want is for someone to guess or acquire your password for one application and use it to access them all. This would be akin to someone getting your car key and using it to open the front door to your business.
In today’s world of SaaS applications, this is a huge problem! Many applications and web sites use an email/password combination for authentication.
Imagine this all-too-common scenario. You find some cool new web app that’s free. You want to try it out. You sign up using your email and the password you use everywhere. Well, this really cool new web app is in BETA and the people who built it weren’t really concerned about security – it’s just a simple entertainment app.
Along comes a bored youngster who imagines himself a hacker. Using easily available tools off the Internet, he exploits a well-known problem and snags the password database from this really cool new web app. The youngster proceeds to log into your email account using the password. Now the fun begins!
Time goes by, and the youngster sees an email identifying other applications you use. Cool! For example, our avid youngster sees you are a user of SmartVault. He logs in as you and proceeds to download all of your clients’ data. Oops!
Nothing here was that sophisticated.
You say it is not practical to remember all of these passwords! That is true. You either need to use a password management tool or use three separate passwords:
- One for financial sites
- One for sensitive data
- One for sites holding no value
I’ll be talking later about password management tools.
This simple step and a strong password (see tip #1) are the most important things you can do to improve your online security.