Password reuse and the problems that come with it


2024 saw one of the biggest data leaks, exposing the login credentials of billions of users. This spells disaster for anyone who reuses passwords, as one compromised account means none of your accounts are safe.

As you scramble to secure your online accounts, cybercriminals have already accessed your sensitive data. This can lead to identity theft, blackmail, and financial loss.

Keep reading to find out more about the risks of password reuse and learn how to enhance your accounts’ security.

What is password reuse?

From banking to social media to online stores, it seems like we need an account for almost every service, leaving us with the hassle of managing dozens of passwords.

Most people can’t be bothered to remember a few unique passwords, let alone dozens, especially for something we deem unimportant – like that account you had to create just so you could apply for a job you like.

[Image: apps. Credit – Thomas Ulrich, Pixabay]

It’s no wonder so many of us choose to reuse passwords. Password reuse, or password recycling, happens when users use the same password across multiple accounts. It’s more common than you might think; more than 60% of Americans reuse passwords on multiple websites.

While it may seem like it’s not a big deal to use the same password for your H&M and Zara accounts, they still hold your personal information, such as your full name, email address, and contact details. This information can be used against you if it falls into the wrong hands.

The risks of password reuse

The biggest problem with password reuse is that if a malicious actor obtains one of your passwords, they can get into every account that shares it. This poses a risk to privacy and security, leaving users vulnerable to identity theft and fraud, reputational damage, and financial loss.

However, that’s not all. Threat actors rely on password reuse for credential stuffing, where credentials leaked from one service are tried against many others. Cases like this have already been reported – cybercriminals use leaked credentials from data breaches to lock users out of their accounts. What’s worse, malicious hackers can gain access to saved credit card details to make fraudulent purchases, with devastating consequences for the real account owners.

How to avoid password reuse and secure your accounts

Here are a few things you can do to create stronger, unique passwords and maintain good password hygiene.

Use strong passwords

Firstly, there are three key aspects you should keep in mind when creating (or updating) a password:

  1. Length. Longer passwords are harder to crack and thus more secure. Aim for 14 to 16 characters per password.
  2. Randomness. Every character should be random, without sequence or logic, making it almost impossible to guess. Consider using a mix of uppercase and lowercase letters, numbers, and special characters to enhance the complexity.
  3. Uniqueness. The password should be used for only one account. This ensures that if one password gets compromised, your other accounts are secure.

Use a password manager

Only 36% of Americans use a password manager. While it’s a gradual increase compared to a few years ago, the percentage is still small. Despite the many benefits, people are reluctant to use password managers. Security concerns, lack of understanding of the technology, and questions about how the password manager handles the data keep users at bay.

A password manager helps you keep track of your passwords by storing them in a secure vault. Most importantly, password managers help users to create and use strong passwords. After all, many of us don’t use strong passwords because they’re inconvenient. With a password manager, you don’t have to worry about organizing or forgetting your passwords.

What’s more, most password managers check the strength of your current passwords and encourage you to update them, serving as a sort of audit.

Regularly audit your passwords

According to cybersecurity experts, you should update your passwords every three months. But let’s be real – most people can only undertake such a challenge every so often. Instead, audit your passwords to ensure they’re strong and unique.

I recommend updating your passwords after a suspicious activity or data breach. It’s another good reason to have a password manager, as most of them notify you if your login details have been compromised in a data leak.
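An added example (not code from the original article) that turns the three password criteria above and the audit step into a small script. It flags entries in a constructed sample vault that are shorter than 14 characters, use fewer than three character classes, or share a password with another site, and checks each against a constructed breach list with a hash-prefix lookup; that lookup is an assumption about how breach notification works, modelled on the k-anonymity range queries that public breached-password services offer.

```python
import hashlib
import string
from collections import defaultdict

# Constructed sample vault (site -> password); fictional values for illustration only.
VAULT = {
    "bank.example":  "correct horse battery staple 42!",
    "shop.example":  "Summer2024",
    "mail.example":  "Summer2024",
    "forum.example": "x7#Kp2!vQ9mZ4rT",
}
# Constructed stand-in for a breach corpus: upper-case SHA-1 of known-bad passwords.
BREACHED_SHA1 = {hashlib.sha1(p.encode()).hexdigest().upper() for p in ("Summer2024", "password", "123456")}

def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def breached(password: str) -> bool:
    """k-anonymity style check: only the 5-char hash prefix would leave the device (assumed model)."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    suffixes = {h[5:] for h in BREACHED_SHA1 if h.startswith(prefix)}  # the "server" reply
    return suffix in suffixes                                           # compared locally

def char_classes(password: str) -> int:
    """How many of lower/upper/digit/punctuation classes the password uses."""
    classes = (string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation)
    return sum(1 for cls in classes if any(ch in cls for ch in password))

def audit(vault: dict, min_len: int = 14) -> dict:
    """Return site -> list of findings; an empty list means the entry passed."""
    # Group sites by hash so reuse is found without pairwise plaintext comparison.
    by_hash = defaultdict(list)
    for site, pw in vault.items():
        by_hash[sha1_hex(pw)].append(site)
    findings = {}
    for site, pw in vault.items():
        issues = []
        if len(pw) < min_len:
            issues.append(f"too short ({len(pw)} < {min_len})")
        if char_classes(pw) < 3:
            issues.append("low variety (fewer than 3 character classes)")
        reused_with = sorted(s for s in by_hash[sha1_hex(pw)] if s != site)
        if reused_with:
            issues.append("reused with " + ", ".join(reused_with))
        if breached(pw):
            issues.append("appears in breach corpus")
        findings[site] = issues
    return findings
```

Running `audit(VAULT)` reports the two sites sharing "Summer2024" as too short, reused with each other, and present in the breach list, while the two long, unique passwords pass.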

Enable two-factor authentication

Two-factor authentication (2FA) is an identity verification method that requires two points of identification, also known as factors. These factors must be different. Generally, the first factor is something you know, such as your password. The second factor is either something you have, such as a one-time code on your smartphone or a security key, or something you are, like your fingerprint or face.

Let’s say you want to log in to your Google account. Without 2FA, you simply enter your login details, and you’re in. With 2FA, you need to confirm it’s you via a second factor – such as a one-time code – before you can access your account.

[Image: 2FA sign-in request. Credit – Ed Hardie, Unsplash]

Some wonder why you need 2FA if your accounts are secured with unique passwords. While strong passwords are the foundation of online security, 2FA protects you against external threats outside of your control, such as data breaches and phishing attacks.

By requiring a second verification, 2FA adds an extra layer of security to your accounts. This means that even if your password gets compromised, the malicious actor won’t be able to access your account. Moreover, you will be notified that someone tried to gain unauthorized access, prompting you to change your password and take further security measures. This further involves the user in the process of securing their account and makes them more aware of possible risks.

Which 2FA method is the best?

Any 2FA is better than no 2FA, but some authentication methods are more reliable than others. Here are the most common 2FA methods and why you should or shouldn’t use them.

One-time codes

Probably the most popular choice, one-time codes are an easy-to-use and accessible 2FA method. It’s pretty self-explanatory – you receive a unique code that’s valid for a short time to verify that it’s you trying to gain access. One-time codes are delivered by:

  • SMS. Commonly referred to as the least secure 2FA method. One-time codes sent by text message can be intercepted and are prone to SIM-swap attacks.
  • Email. A more secure alternative to SMS, but still prone to compromise. Emailed one-time codes are usually valid for 5 to 10 minutes.
  • Authenticator app. Very secure. One-time codes are generated on the device itself and change every 30 to 60 seconds, so they never travel over SMS or email.

Biometric authentication

Fingerprint and facial recognition are the most popular biometric authentication methods. They’re built into almost every smartphone and are more convenient than a one-time code – just touch the sensor with your fingertip or look into the camera, and you’re good to go.

Considering that it’s based on unique physical characteristics, biometric authentication seems impenetrable. Alas, with technology – particularly AI – advancing as fast as it is, it’s now possible to replicate them.

Nonetheless, doing so requires a lot of time and effort. Most cybercriminals prefer an easy catch and won’t go through all the trouble of defeating your biometrics, so it’s a pretty secure 2FA method.

Hardware security keys

A hardware security key is a physical device that you have to plug into (or tap against) your device to confirm it’s really you trying to log in. It’s probably the most secure two-factor authentication method currently available, as the only realistic way someone could compromise it is by stealing it directly from you. Of course, it’s possible to hack them as well, but security keys are generally immune to phishing and man-in-the-middle attacks.

YubiKey is one of the most popular hardware security keys on the market. Users can verify their identity by plugging the key into a USB port on their device or by tapping it via NFC. Unfortunately, security keys can be quite expensive (compared to other 2FA methods that don’t cost a dime), so people generally use them to secure their most valuable accounts.

Conclusion

Password reuse isn’t just a bad habit – it’s a security hazard. A single data leak could result in losing access to all your accounts and leaving your sensitive information in the hands of cybercriminals.

Securing your accounts is easy, and there is no reason why you shouldn’t do it. At the very least, highly sensitive accounts, such as your primary email, banking, and social media accounts, should be secured with unique passwords and 2FA.

Start by using strong passwords, update any old or weak ones, and keep track of them with a password manager. Add a second layer of security with two-factor authentication. To ensure that you’re using 2FA, I suggest choosing a method that’s convenient and easy to use, such as a one-time code or an authenticator app on your smartphone.
