We’ve all been guilty of re-using a single password for multiple websites. The idea is tempting. Who has time to remember a new password for every social networking site or service you sign up for?
Although it’s known to be a risky tactic, plenty of people still do it. But according to LastPass CEO Joe Siegrist, it’s not just risky — it’s one of the most dangerous things you can do on the web.
“Reusing a password is like reusing the same key for every lock and having that key be something that you give out to everyone you meet,” Siegrist said to Business Insider. “And it can also be instantly copied and used remotely.”
If a hacker obtains your password, the first thing he or she does is check whether or not that password works for other websites, Siegrist said. That is why every account needs its own password: a single leaked password should open one account, not all of them.
There are a few ways to do this. If you’re not using a password manager app like LastPass or 1Password, you can build each password from a phrase you will remember. Yuriy Guts, a software engineer and researcher at Eleks Labs, describes a way to generate memorable passwords on the Eleks Labs blog: think of a movie, song, or pop culture reference you associate with that particular website.
Then apply a few transformations that make the phrase unique, such as replacing some letters with numbers or adding underscores. The result is usually much longer than a password you would pick on the spot, and length is what makes it harder to guess. Keep in mind that the common letter-to-digit swaps are well known to password-cracking tools, so the length of the phrase and the fact that it differs for every site are what do the real work.
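The phrase method above, as an added example that is not code from the page, Eleks Labs, or LastPass. It applies one assumed set of transformations (capitalised words joined by underscores, then a digit swapped in for the first occurrence of each of a few letters), and adds a reuse check: `normalize()` strips exactly the cosmetic changes that a cracker's rule set would also strip, so two "different" passwords that survive it as the same string are effectively the same password. The substitution table and the sample accounts are constructed for illustration.

```python
"""Per-site passwords from a memorable phrase, plus a reuse check.

Added example, not code from the page, Eleks Labs or LastPass. The
substitution table, the transformation order and the sample accounts
are all assumptions made for illustration.
"""
import re

# Assumed letter-to-digit substitutions. The same swaps ship in the rule
# sets of password-cracking tools, so they are cosmetic: the length and the
# site-specific phrase are what make the result hard to guess.
LEET = {"a": "4", "e": "3", "i": "1", "o": "0", "s": "5"}
UNLEET = {digit: letter for letter, digit in LEET.items()}


def transform_phrase(phrase: str) -> str:
    """Capitalise each word, join with underscores, and swap a digit in for
    the first occurrence of each letter in LEET."""
    words = re.findall(r"[A-Za-z0-9']+", phrase)
    if not words:
        raise ValueError("phrase contains no words")
    joined = "_".join(word.capitalize() for word in words)
    out, swapped = [], set()
    for ch in joined:
        low = ch.lower()
        if low in LEET and low not in swapped:
            out.append(LEET[low])
            swapped.add(low)
        else:
            out.append(ch)
    return "".join(out)


def normalize(password: str) -> str:
    """Undo the cosmetic transformations an attacker's rules also undo:
    drop separators and punctuation, strip trailing digits, reverse the
    digit substitutions and lowercase."""
    s = re.sub(r"[^A-Za-z0-9]", "", password)
    s = re.sub(r"\d+$", "", s)
    s = "".join(UNLEET.get(ch, ch) for ch in s)
    return re.sub(r"[^a-z]", "", s.lower())


def find_reuse(site_passwords: dict) -> list:
    """Return sorted pairs of sites whose passwords are identical or differ
    only by the transformations normalize() removes."""
    buckets = {}
    for site, password in site_passwords.items():
        buckets.setdefault(normalize(password), []).append(site)
    pairs = []
    for sites in buckets.values():
        sites = sorted(sites)
        pairs.extend((a, b) for i, a in enumerate(sites) for b in sites[i + 1:])
    return sorted(pairs)


# Constructed sample: two accounts share a password up to case and a suffix,
# the third follows the phrase method with a phrase tied to that site.
SAMPLE = {
    "shop.example": "Summer2014",
    "mail.example": "summer2014!",
    "bank.example": transform_phrase("may the force be with you"),
}

if __name__ == "__main__":
    print(SAMPLE["bank.example"])
    print(find_reuse(SAMPLE))
```

Running it reports the shop and mail accounts as reuse, while the phrase-derived bank password is 25 characters long and shares nothing with them. Note that `normalize()` turns the transformed phrase straight back into the plain phrase, which is the point of the caveat: the substitutions are reversible, the length and the per-site phrase are not.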
“People don’t grasp the risk they’re actually taking when they reuse the same passwords,” Siegrist said. “They think there’s nothing really out there.”
It’s becoming more important than ever to protect your passwords. Within the past several months, there have been numerous breaches and Internet vulnerabilities that could make it very easy for hackers to obtain your data.
The Heartbleed bug, discovered in April, was considered one of the biggest vulnerabilities the Internet had seen in years. Just last week, The New York Times reported that a cyber crime ring in Russia had amassed a library of more than one billion stolen passwords.
Creating unique passwords, and changing a password promptly when a service you use is breached, is important, but enabling two-factor authentication is just as crucial. With two-factor authentication, you need to enter a code sent to your smartphone in addition to your password before you can log in. Some services let you mark a computer as trusted for 30 days, after which they only prompt for a code when you log in from a new or unrecognised device.
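The login flow described above, as an added example that is not code from the page or from any service it names. It assumes an authenticator-app style code (RFC 6238 TOTP over HMAC-SHA1) rather than a code delivered by text message; the server-side check and the "trusted for 30 days" logic are the same either way. The password check itself is stubbed as a boolean, and the keys, user names and timestamps are constructed for the example.

```python
"""Two-factor login: a time-based code plus a 30-day "remember this device" token.

Added example, not code from the page or from any service it names. It
assumes an authenticator-app style code (RFC 6238 TOTP over HMAC-SHA1)
rather than a code sent by text message. Key material, user names and
timestamps are constructed for the example.
"""
import hashlib
import hmac
import struct
from typing import Optional, Tuple

STEP_SECONDS = 30                  # TOTP time step
TRUST_SECONDS = 30 * 24 * 60 * 60  # how long a device stays trusted


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the counter, dynamic truncation, mod 10^digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, now: int, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the current time step."""
    return hotp(secret, now // STEP_SECONDS, digits)


def verify_code(secret: bytes, code: str, now: int, drift_steps: int = 1) -> bool:
    """Accept the current step and one step either side for clock drift.
    Reject anything that is not ASCII digits, then compare in constant time."""
    if not (code.isascii() and code.isdigit()):
        return False
    for k in range(-drift_steps, drift_steps + 1):
        if hmac.compare_digest(totp(secret, now + k * STEP_SECONDS), code):
            return True
    return False


def issue_trust_token(server_key: bytes, user: str, now: int) -> str:
    """Server-signed token: 'skip the second factor for this user until expiry'."""
    expiry = now + TRUST_SECONDS
    payload = f"{user}:{expiry}".encode()
    tag = hmac.new(server_key, payload, hashlib.sha256).hexdigest()
    return f"{user}:{expiry}:{tag}"


def device_is_trusted(server_key: bytes, token: str, user: str, now: int) -> bool:
    """True only if the token is for this user, is unexpired and carries a valid tag."""
    try:
        token_user, expiry_text, tag = token.rsplit(":", 2)
        expiry = int(expiry_text)
    except ValueError:
        return False
    payload = f"{token_user}:{expiry}".encode()
    expected = hmac.new(server_key, payload, hashlib.sha256).hexdigest()
    return token_user == user and now < expiry and hmac.compare_digest(expected, tag)


def login(server_key: bytes, user_secret: bytes, user: str, password_ok: bool,
          code: Optional[str], trust_token: Optional[str], now: int) -> Tuple[bool, Optional[str]]:
    """Return (granted, new_trust_token). The password is always required; the
    code is skipped only on a device presenting a valid trust token, and a
    fresh token is issued after a successful code so this device is remembered."""
    if not password_ok:
        return False, None
    if trust_token is not None and device_is_trusted(server_key, trust_token, user, now):
        return True, None
    if code is not None and verify_code(user_secret, code, now):
        return True, issue_trust_token(server_key, user, now)
    return False, None


if __name__ == "__main__":
    key, secret, now = b"constructed-server-key", b"constructed-user-secret", 1_400_000_000
    granted, token = login(key, secret, "alice", True, totp(secret, now), None, now)
    print(granted, token)
    print(login(key, secret, "alice", True, None, token, now + 86400))
```

Two details carry the security weight: the code and the token tag are both compared with `hmac.compare_digest` rather than `==`, and the trust token is bound to the user name and an expiry under the server's own key, so a copied or edited token is rejected and the skip-the-code convenience lapses after 30 days.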
The problem, however, is that many websites and services still don’t support two-factor authentication. Most email services and social networks do, but Instagram, Citibank, Capital One, and the cloud storage platform SugarSync are among those that don’t, according to TwoFactorAuth.org, a site that tracks which websites support two-factor authentication.
“[There are] all of these places where you’re putting your information out there,” Siegrist said. “It’s just a treasure trove, and people can do all kinds of things to you.”