Security Corner

Jul 29 2014   12:38AM GMT

Security worst practice: Password reuse

Ken Harthun Ken Harthun Profile: Ken Harthun

Tags:
password security
Security

This article, “eBay’s StubHub ransacked for over $1 million, international crime ring arrested,” from Naked Security said:

It’s a shame that users all too often make it easy for crooks to just plug in credentials leaked from other breaches.

It’s yet another example of why passwords shouldn’t be reused.

Password reuse is, apparently, a given. No matter how much we lecture, a (hopefully shrinking!) percentage of people are going to commit this security sin.

Should we start expecting businesses like eBay to plan for that? Or should we just let password reusers suffer the consequences of their redundancy?

I’m certainly guilty of having re-used passwords myself, but it has been a long time since I’ve done it. In fact, since I started using LastPass, I no longer use duplicate passwords, and I am cleaning out those that still exist. What duplicate passwords I have are not on anything critical; all of my important logins such as email, banking, credit cards and other sensitive sites, have unique, strong passwords.

Now, I don’t know how we can expect businesses to plan for such a thing. How would they know a password is reused elsewhere? Monitor hackers’ sites and password dumps? They could do what Facebook did and run researchers’ recovered plaintext passwords, I suppose, but that’s a lot to ask of any company. No, I think it’s just going to take continuing education on the part of those in the know and trial by fire for those guilty of reusing passwords for critical sites.

I’ll leave you with this good advice from Naked Security:

Make sure your family, your friends, your colleagues and anybody else you can think of are choosing strong passwords, at least 12 characters long, that mix letters, numbers and special characters.

If those passwords are impossible to remember, that’s good – all the better. That’s what they make password managers like LastPass or KeePass for.

Don’t reuse passwords!
 


Follow Ken Harthun on Twitter Follow me on Twitter

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: