Managing passwords is a hassle, especially when you have so many different services you need to access.
So what do people do to keep it simple? They reuse passwords.
From a cybersecurity perspective, this is fraught with risk. To illustrate, simply go take a look at https://haveibeenpwned.com/.
This is a database of all known breaches, arranged so that you can find out whether an email address that belongs to you has been captured in a breach.
Often when databases are breached, the passwords are included, and if you are lucky they have been hashed and salted (properly encrypted), which is rare. Mostly, if there is any encryption, it can be reversed, and the recovered passwords are then often tried against other services that have the same username.
If you have the same username and password on multiple services then Hey Presto! The bad guys are in with minimal effort.
If you use unique passwords, then you have stopped them cold and they will need to work harder to traverse to other services. Congratulations! You just stopped being low-hanging fruit.
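To see how far one breached login would reach across your own accounts, here is a small reuse audit, added as an illustration and not part of the original post. The vault entries, service names and function names are constructed for the example.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample vault export: (service, username, password).
# These are made-up values, not real credentials.
SAMPLE_VAULT = [
    ("shop.example", "alice@example.com", "Tr0ub4dor&3"),
    ("forum.example", "alice@example.com", "Tr0ub4dor&3"),
    ("bank.example", "alice@example.com", "c7#Lq9!vRz2m"),
    ("mail.example", "alice.w", "Tr0ub4dor&3"),
    ("news.example", "alice@example.com", "x9$Pw2@hYt5k"),
]


def reuse_groups(vault, match_username=True):
    """Return sorted lists of services that share a password.

    With match_username=True, only services that share the same
    username AND password are grouped (the case a replayed breach
    login hits directly). With False, any shared password counts.
    Passwords are compared through an HMAC under a random per-run
    key, so grouping keys and results never contain the password.
    """
    key = os.urandom(32)
    groups = defaultdict(list)
    for service, username, password in vault:
        tag = hmac.new(key, password.encode("utf-8"), hashlib.sha256).hexdigest()
        owner = username.lower() if match_username else ""
        groups[(owner, tag)].append(service)
    return sorted(sorted(s) for s in groups.values() if len(s) > 1)


def exposed_by_breach(vault, breached_service):
    """Other services reachable by replaying the breached login as-is."""
    for group in reuse_groups(vault, match_username=True):
        if breached_service in group:
            return [s for s in group if s != breached_service]
    return []


if __name__ == "__main__":
    for service, _, _ in SAMPLE_VAULT:
        print(service, "->", exposed_by_breach(SAMPLE_VAULT, service) or "contained")
    print("password shared at all:", reuse_groups(SAMPLE_VAULT, match_username=False))
```

An account with a unique password reports as contained: a breach of that service gives the attacker nothing to replay elsewhere.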
To take this a step further, some email services allow you to mess with your email address. For example, Gmail allows you to add suffixes to your email username, so [email protected] can be modified to be [email protected] for some added security, and you can use this addressing to find out where that spam came from. With this knowledge you can decide if the service that sold your contact details is worthy of your business.
Next we will be looking at how we can populate and then herd our massive password zoo into an easy-to-manage system that is secure and easy to recall.
If you want to learn more about how to protect yourself from hackers, you can check out my review of Hacked Again.