The Risk in Reusing Passwords

The Tip

We’ve mentioned in several weekly tips that it is a bad habit to use the same passwords on multiple sites. With more and more large breaches coming into the news recently, it’s more important than ever to stop this bad habit that we all so easily fall into.

The Detail

The risk we take when we reuse a password is that when one of these breaches of user information does happen, the criminals will immediately start trying the exposed username:password combinations at major banking sites, Amazon, Google, your workplace, and so on. It doesn’t take long to do this with automated hacking programs. If you’ve used the same password at any of these places, you can be in trouble quickly.

Fortunately, protecting yourself from these threats is easy:

  • Never use the same password on more than one site
  • Use a service like https://haveibeenpwned.com to monitor known breaches for your email address
  • If your address does come up, change your password immediately, and if you have used that password in more than one place, go change all of them to unique passwords
  • If you have too many passwords to keep track of, start using a password wallet
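
To make the third step concrete, here is an added example (not part of the original tip) that audits a password-wallet export for reuse and lists every account that needs a new password after one site is breached. The CSV column names, the sample entries and the function names are assumptions made for illustration; real wallets label their exports differently.

```python
import csv
import hashlib
import io
from collections import defaultdict

# Constructed sample of a password-wallet CSV export. The column names are an
# assumption; adjust them to match what your own wallet exports.
SAMPLE_EXPORT = """site,username,password
shop.example,alex@example.org,Tr0ub4dor&3
bank.example,alex@example.org,correct horse battery staple
forum.example,alex@example.org,Tr0ub4dor&3
mail.example,alex@example.org,Tr0ub4dor&3
work.example,alex,violet-lantern-42-drift
"""

def _fingerprint(password):
    # Compare digests so plaintext passwords are never used as keys or printed.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

def load_entries(csv_text):
    """Parse the export into (site, username, password) tuples."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return [(r["site"].strip().lower(), r["username"], r["password"]) for r in rows]

def reused_groups(entries):
    """Return sorted lists of sites that share one password (groups of 2+)."""
    by_password = defaultdict(set)
    for site, _user, password in entries:
        by_password[_fingerprint(password)].add(site)
    return sorted(sorted(sites) for sites in by_password.values() if len(sites) > 1)

def sites_to_change(entries, breached_site):
    """Every site whose password must change after a breach at breached_site."""
    breached = breached_site.strip().lower()
    exposed = {_fingerprint(pw) for site, _u, pw in entries if site == breached}
    return sorted({site for site, _u, pw in entries if _fingerprint(pw) in exposed})

if __name__ == "__main__":
    entries = load_entries(SAMPLE_EXPORT)
    for group in reused_groups(entries):
        print("Same password on:", ", ".join(group))
    print("After a breach at forum.example, change:",
          ", ".join(sites_to_change(entries, "forum.example")))
```

Delete the exported CSV once the audit is done, since it holds every password in plain text.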

The website Have I Been Pwned tracks known breaches and can be set up to notify you if your address shows up in one. It can also be used to monitor an entire domain. We use it here to keep an eye on @nipissingu.ca addresses in known breaches. These events happen all too often, even at major sites where you might expect the security to be the tightest. For instance:

  • Verifications.io was breached in Feb of 2019. 763,117,241 accounts were exposed. 538 of these were @nipissingu.ca addresses
  • MyFitnessPal was breached in Feb of 2018. 143,606,147 accounts were exposed. 65 of these were @nipissingu.ca addresses
  • ShareThis was breached in Jul 2018. 40,960,499 accounts were exposed. 66 of these were @nipissingu.ca addresses
  • MyHeritage was breached in Oct 2017. 91,991,358 accounts were exposed. 25 of these were @nipissingu.ca addresses

Other major breaches have included places like Adobe, Dropbox, Equifax and more.

If you think that you may have been in one of those, it’s a good reason to refresh your passwords now and be sure you are using good quality and unique passwords/passphrases everywhere.

If you have more questions about these topics, please contact UTS, and we’d be happy to offer what guidance we can. There is also a wealth of information to be found using your favourite search engine.