Creating complex and undecipherable passwords with a proper balance of alphanumeric characters can be a real struggle at times. Therefore, we are all guilty of recycling our old passwords.
While password managers exist for a reason, most people turn a blind eye to creating a new password and keep re-using the old ones across multiple accounts.
But what happens if we keep recycling old passwords? And how can we mitigate the risks that come with poor password management?
Why Do People Re-Use Old Passwords?
Are you among the many who use the same password for every website or account?
While re-using the same password defeats the purpose of having one, why are we so relentless in carrying on with this practice?
There can be many reasons behind it. Most people struggle with creating unique passwords or don't know that passwords shouldn't be recycled, while others are unwilling to use a password manager or assume that they are immune to cybercrime!
Whatever the reasons, password recycling comes with many serious repercussions.
The Many Dangers of Password Recycling
Password recycling can be your friend if you don't like jogging your memory or using modern alternatives to creating and storing passwords. But know that this friend will stab you in the back one day!
Despite all the security awareness promoted everywhere, people are still recycling old passwords. Poll results from Google and a polling firm called Harris showed that 52 percent of users re-use the same password for multiple accounts.
Here is a list of dangers you can encounter by re-using your old passwords:
1. Multiple Account Compromises
An average internet user has tons of online accounts. If you craft a robust and perfect password for one account, you might get tempted to use it across all your accounts, thinking that will save you time and effort.
The problem with this thinking is that it makes you more vulnerable to cybercrime. Let's say you use the same password for Facebook and online banking. Now, if Facebook suffers a data breach, such as the one it suffered in 2021, your bank account is exposed as well, since both accounts share the same password.
Or you could find yourself in a bigger nightmare if the recycled password is also weak, as this will make it easier for threat actors to hack into your other accounts.
2. Putting Your Corporate Accounts at Risk
If your personal account gets involved in a data breach, chances are, your corporate accounts will also be at risk if you were recycling the same password.
So, you are not only jeopardizing your own security but also the security of your organization and of your fellow employees. And the more passwords and personal data that hackers can get their hands on, the more large-scale damage they can inflict.
3. Falling Prey to Brute Force Attacks
Brute force attacks entail guessing user passwords and logins by trying out possible combinations of credentials.
Recycling passwords across different accounts takes most of the guesswork out for attackers. Also, most people who recycle passwords do it out of laziness and don't come up with hard-to-guess passwords to begin with.
Brute force attacks also feed related attacks such as credential stuffing and dictionary attacks. With each successful attack, cybercriminals gain access to more passwords that they can use in future attempts.
4. Becoming a Bait for Phishing Attacks
Phishing attacks use trickery and bait schemes such as sending out emails and notifications posing as someone else. The primary purpose of phishing attacks is to lure users into opening an email attachment, downloading malicious files, or giving out sensitive personal account information like usernames, passwords, dates of birth, etc.
While phishing attempts are a threat to anyone and not only the people who recycle passwords, they can pose a bigger problem if you have used the same password across multiple accounts, as the damage can be more widespread and debilitating.
How to Mitigate the Risks of Password Recycling
If you value your online security and would like to ditch the old habit of password recycling, then the following tips can help you stay on the right track.
1. Change Your Default Passwords
One of the biggest mistakes we make is leaving default passwords, such as "admin" or "1234", unchanged. Default passwords are very convenient to remember, but they are also the first thing most cybercriminals try when attempting to hack into your accounts.
Always change your default password as fast as possible. And if the thought of forgetting your new password is preventing you from replacing it, then consider using a passphrase instead. A passphrase is a string of words compiled together to create a long phrase that is easy for you to remember but difficult for others to decipher.
2. Train Employees to Stop Recycling Passwords
Companies and businesses should offer password training sessions to all staff members. The training should not only emphasize the need to avoid password recycling but should also educate on the following aspects of password security:
- Do not share passwords with co-workers.
- Avoid phishing traps. Never reveal your password to anyone through email or phone call, regardless of how legitimate the requester might sound.
- Change your password immediately if you feel that it is compromised.
- Avoid using password-protected services on a public computer or over a public Wi-Fi hotspot.
Remember that promoting password awareness and good digital hygiene among end users is crucial for maintaining a secure corporate network.
3. Use a Reliable Password Manager
Even if you create complex yet easy-to-remember passwords, you still need a centralized password management tool. Fortunately, password managers like LastPass can generate robust passwords and store them securely. What's more, you only need to remember one password to access the password manager.
Once logged into the password manager, you can log in to any of your stored accounts without needing to enter any other passwords.
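The multiple-account risk above, and the default-password and password-manager advice, can be checked mechanically. The following is an added example, not code from the article or from any password manager: it audits a constructed vault of (account, password) pairs, groups accounts that share a password, and flags accounts still using a factory default. Passwords are reduced to a keyed HMAC fingerprint first so the report never carries plaintext; the vault contents and the default list are constructed sample data.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

# Constructed sample vault (account, password); not real credentials.
SAMPLE_VAULT = [
    ("facebook.com", "Summer2021!"),
    ("bank.example", "Summer2021!"),
    ("corp-vpn.example", "Summer2021!"),
    ("router-admin", "admin"),
    ("mail.example", "correct horse battery staple"),
]

# Small constructed deny-list of factory defaults the article mentions.
DEFAULT_PASSWORDS = {"admin", "1234", "password"}


def fingerprint(password: str, key: bytes) -> str:
    """Keyed HMAC of the password so the audit output never contains plaintext."""
    digest = hmac.new(key, password.encode("utf-8"), hashlib.sha256).hexdigest()
    return digest[:16]


def audit_vault(vault, key=None):
    """Return {"reused": {fingerprint: [accounts]}, "defaults": [accounts]}.

    A fresh random key per run means fingerprints cannot be compared
    across runs or used as an offline cracking target.
    """
    key = key or secrets.token_bytes(32)
    by_fp = defaultdict(list)
    defaults = []
    for account, password in vault:
        by_fp[fingerprint(password, key)].append(account)
        if password.lower() in DEFAULT_PASSWORDS:
            defaults.append(account)
    # Only groups with more than one account indicate recycling.
    reused = {fp: accts for fp, accts in by_fp.items() if len(accts) > 1}
    return {"reused": reused, "defaults": defaults}


if __name__ == "__main__":
    report = audit_vault(SAMPLE_VAULT)
    for fp, accounts in report["reused"].items():
        print(f"password {fp} is shared by {len(accounts)} accounts: {', '.join(accounts)}")
    for account in report["defaults"]:
        print(f"{account}: still using a factory default password")
```

Running it on the sample vault reports one password shared by three accounts (the Facebook/bank scenario from the article, plus a corporate login) and one account left on a default.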
4. Embrace Multi-Factor Authentication (MFA)
Even after learning the dangers of password recycling, if you still end up using the same passwords for multiple accounts, then at least set up MFA for all your logins. MFA enhances security by asking you to provide an additional factor on top of your password.
Let's assume you are doing online banking with MFA enabled. Once you enter your login credentials on the bank's page from your computer, the website sends an OTP (one-time password) code to another pre-authenticated device, such as your cell phone. You then need to enter that code on the bank's website to finally gain access.
Passwords Are Your First Line of Defense
We all have several online accounts and a plethora of passwords to remember. This makes it challenging to come up with several unique passwords, causing us to fall into the trap of password recycling.
But don't forget that passwords are your first line of defense against any unauthorized access to your system. Thus, the amount of effort it takes to generate unique passwords—whether you use a password manager or create it the old-fashioned way—is worth it in the long run.
So, while recycling is an excellent practice in other areas of life, you should avoid recycling passwords at all costs.