Why You Need to Ditch Your Reused Password


Your online passwords should be among the most closely guarded secrets you have. They are considered very private information because if one falls into the wrong person’s hands, you can quickly become the victim of a hacking event. Hacking events can cause a lot of damage to your files, devices, and finances, which is why it’s essential to keep your passwords to yourself. We’ll go through everything someone can do with a reused password and explain why making a new password for every account is necessary.

See more: The 6 types of hacks you should know about

How can a reused password harm your security?

A reused password can expose you to harm in countless ways. All of them have something to do with hacking into your accounts, of course. However, many don’t realize the extent of damage that can be done when multiple accounts use the exact same password. You likely have multiple accounts with the same password or similar iterations of a password you use frequently. Here is what you’re up against:

Data Breaches

When you create an account with Google, Amazon, or Meta, you are using sites backed by large security teams dedicated to keeping servers free of hackers 24/7. That’s why large data breaches are uncommon with these sites. This is good news, considering many people put a lot of information into these sites, such as documents, pictures, and financial information.

However, you will likely also make frequent accounts on smaller, less security-conscious sites, like when you do surveys, buy something from a small local shop, or even sometimes apply for jobs. These sites are more likely to be hacked if they aren’t depending on a more extensive infrastructure (many small businesses, for example, rely on third parties like Shopify or Etsy, which reduces this risk), and user information may end up getting leaked on the dark web for purchase.

This is where the trouble begins. If you use the same password on a smaller, less secure site as on your most important accounts, like your Google Drive, those leaked credentials may get used on Google, thus giving hackers access to that account.

Credential Stuffing

This type of cybercrime goes hand-in-hand with the previous point. Credential stuffing is when hackers gain access to login information from one website and use it on many other websites to see if they can access more accounts. Typically, lists of login information are bought off the dark web from hacked websites with a weak security framework. Hackers will use this information and usually try the logins on the most high-ticket websites, like Google, Meta, and banking websites. Often, they will utilize these additional breached accounts to run more scams, hold your files for ransom, or steal your money.
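From the defending site's side, credential stuffing leaves a recognisable trace in login logs: one source trying many different usernames only once or twice each, unlike a brute-force run against a single account. The sketch below is an added example, not code from this article or from IPVanish; the log format, field names, thresholds and sample lines are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample login log (format assumed for this example).
SAMPLE_LOG = """\
2024-05-01T10:00:01Z ip=203.0.113.7 user=alice@example.com result=FAIL
2024-05-01T10:00:03Z ip=203.0.113.7 user=bob@example.com result=FAIL
2024-05-01T10:00:05Z ip=203.0.113.7 user=carol@example.com result=OK
2024-05-01T10:00:07Z ip=203.0.113.7 user=dan@example.com result=FAIL
2024-05-01T10:00:09Z ip=203.0.113.7 user=erin@example.com result=FAIL
2024-05-01T10:01:00Z ip=198.51.100.9 user=bob@example.com result=FAIL
2024-05-01T10:01:02Z ip=198.51.100.9 user=bob@example.com result=FAIL
2024-05-01T10:01:04Z ip=198.51.100.9 user=bob@example.com result=FAIL
2024-05-01T10:02:00Z ip=192.0.2.44 user=dave@example.com result=FAIL
2024-05-01T10:02:20Z ip=192.0.2.44 user=dave@example.com result=OK
"""
LINE_RE = re.compile(r"^(\S+) ip=(\S+) user=(\S+) result=(OK|FAIL)$")

def parse_events(text):
    """Return time-sorted (timestamp, ip, user, result) tuples; skip bad lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
            events.append((ts, m.group(2), m.group(3), m.group(4)))
    return sorted(events)

def find_stuffing_sources(events, window=timedelta(minutes=5),
                          min_users=4, max_tries=2):
    """Flag IPs that try many distinct users, few times each, in one window."""
    by_ip = defaultdict(list)
    for ts, ip, user, result in events:
        by_ip[ip].append((ts, user, result))
    flagged = {}
    for ip, evs in by_ip.items():
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1                      # slide the window forward
            tries = defaultdict(int)
            for _, user, _ in evs[start:end + 1]:
                tries[user] += 1
            if len(tries) >= min_users and max(tries.values()) <= max_tries:
                entry = flagged.setdefault(ip, {"distinct_users": 0, "successes": set()})
                entry["distinct_users"] = max(entry["distinct_users"], len(tries))
                # Successful logins from this source are accounts to lock and reset.
                entry["successes"] |= {u for _, u, r in evs[start:end + 1] if r == "OK"}
    return flagged
```

Accounts listed under `successes` are the ones whose owners reused a leaked password; they need a forced reset, not just a block on the source address.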

See more: What is a credential stuffing attack?

Financial Loss

Speaking of online banking accounts, we want to emphasize the dangers of having the same password for all your online bank portals. Having just one of these accounts breached by hackers is tough to recover from, but having all of them breached at once is a nightmare, especially if you travel a lot and are currently overseas, where access to your money is more limited. Although hackers may not have access to your cards specifically, they have many tactics to get what they want. We’ll name a few:

  1. Ransom – Hackers may freeze your cards from your accounts and demand a sum for you to regain access. 
  2. Information – When criminals know how much money you have, they can determine if you are a worthy target and be much more aggressive with their tactics.
  3. Social engineering – There is a reason why banks often state that they never ask for your social security number over the phone. When hackers have access, they can use your personal and account information to impersonate your bank more convincingly and retrieve information they may need to take out loans, open more accounts, etc.

Account Hijacking, Reputational Damage, and More

Since we mentioned social engineering, let’s get into the nuances of account hijacking. You may think that the only danger that comes from getting your accounts hacked is losing your files, but that’s just the beginning. Hackers will often go for social media accounts because you have followers who trust you. With this built-up trust, they will infiltrate your network and try to lure others into more scams.

The more information they have about you and your loved ones, the better. They may use your tagged photos and DMs to determine who you are closest with, talk to the most, and then impersonate you to lure them into their scheme. Account hijacking can hurt more people than just yourself, so stay vigilant and protect your social accounts!

Not to mention, this can cause severe reputational damage. If you own a business or use LinkedIn for your career, you may lose a lot of trust if your accounts are hacked. Also, losing your network can be a massive blow to your job and ultimately diminish your earning potential from lost opportunities. If you use the same password at your job as your personal accounts, you are inviting hackers into the framework of your entire company, for which you could end up liable. 

These scams usually involve taking money through fake websites, crypto, etc. Sometimes, hackers will also distribute malware through your social media accounts, which can cause trouble for your network and loved ones with just one click. Some malware, like a botnet, can damage devices by running them too much and overheating them. No matter how you spin it, you may be causing multiple people to waste time and money trying to recover their compromised accounts and devices.

See more: Account Safety 101: What is Password Cracking?

Ditching a reused password plus extra security

So, how do you prevent all of this potential damage? We can’t say it enough: you must use unique, complex passwords for every account you make. You should never have any banking, social, or drive-type accounts sharing a password with each other or any other sites that may have a lower security threshold. You especially shouldn’t have the same password for your work account as any of your personal accounts. 

Always enable 2FA, and learn the basics of creating a good password. At IPVanish, we offer a free Password Generator that you can use to create your passwords. Additionally, you can use Google Security Checkup to ensure none of your accounts are breached. Many browsers and devices use keychains to help you manage your passwords, so having to remember more than one password is no excuse. If you are using duplicate passwords, do not waste another second.
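To find out where you are still reusing a password, you can audit an export from your keychain or password manager offline. The script below is an added example, not an IPVanish tool; the vault entries, category labels and the normalisation rules used to catch "similar iterations" of one password are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of a password-manager export: (site, category, password).
VAULT = [
    ("bank.example", "banking", "Sunshine2019!"),
    ("quiz-site.example", "low", "Sunshine2019!"),
    ("mail.example", "email", "sunsh1ne2021"),
    ("forum.example", "low", "Sunshine#"),
    ("work-sso.example", "work", "T7$kq-Vw9!zLp2"),
    ("shop.example", "low", "c0rrect-h0rse-77"),
]
HIGH_VALUE = {"banking", "email", "work", "social", "drive"}
LEET = str.maketrans("013457@$!", "oieastasi")   # common look-alike swaps

def base_form(password):
    """Reduce a password to its stem: the part left after undoing the usual
    tweaks (case changes, trailing digits/symbols, look-alike characters)."""
    p = re.sub(r"[^a-z]+$", "", password.lower())  # drop trailing digits/symbols
    p = p.translate(LEET)                          # s1 -> si, 0 -> o, ...
    return re.sub(r"[^a-z]", "", p)                # drop remaining separators

def audit(vault):
    """Return (kind, sites, touches_high_value) findings; never the passwords."""
    exact, stems, category = defaultdict(list), defaultdict(list), {}
    for site, cat, pw in vault:
        exact[pw].append(site)
        stems[base_form(pw)].append((site, pw))
        category[site] = cat
    findings = []
    for sites in exact.values():
        if len(sites) > 1:                         # identical password reused
            findings.append(("exact", sorted(sites)))
    for stem, entries in stems.items():
        # An empty stem (e.g. an all-digit password) carries no signal: skip it.
        if stem and len({pw for _, pw in entries}) > 1:
            findings.append(("variant", sorted(s for s, _ in entries)))
    return [(kind, sites, any(category[s] in HIGH_VALUE for s in sites))
            for kind, sites in findings]

if __name__ == "__main__":
    for kind, sites, risky in audit(VAULT):
        print(f"{kind:8} high-value={risky}  {', '.join(sites)}")
```

Any finding marked high-value means a breach of the least secure site in that group also exposes the banking, email or work account listed beside it; those are the passwords to replace first.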

It’s also possible to have your passwords stolen over public Wi-Fi. If these credentials are duplicates, you open yourself up to everything we’ve listed today. Using a VPN while connecting to public Wi-Fi is one of the best ways to keep your private information safer, with the added benefit of encryption that will keep third parties out of your business. If you are a student or remote worker who likes to work from cafes, libraries, etc., a VPN is non-negotiable!

FAQs

Can I use a reused password for all my accounts?

Absolutely not. Using the same password for multiple accounts is never wise, especially if you are using the same ones for social media, banking, drives, and your work accounts. You are not the only one at risk when you’re careless with your password practices.

What are the dangers of a reused password?

A reused password can lead to credential stuffing, which occurs when login credentials stolen from one site are used on multiple sites to unlock more. This can cause financial loss, reputational damage, and even device loss in some cases.

How do I ensure I’m creating a good password?

One of the ways you can ensure you’re creating an acceptable password is with our free Password Generator. It uses dedicated algorithms to ensure you get a completely random stream of characters every time and offers suggestions on appropriate password lengths.


