Perennial Problems with Website Passwords

Another week, another breach reported, and another round of changing passwords on a number of websites across the internet.

Even though people intuitively understand that they shouldn’t use the same password with their email address on every site, they do so anyway, because the complexity of keeping track of all those different website passwords is a more immediate problem than having to change a password across a number of sites because one of them has been compromised.

What makes it even harder is when you can’t remember which sites you might have signed up to using that password.

Best practice would be to have a separate password for each site. Such a strategy would involve having some sort of secure password locker software that lets you retrieve the passwords as they become necessary. Of course, the reality is that best practice requires a lot of effort. A lot of the time when people sign up to a website, it is a one-off and they probably won’t ever return to that site. While it may be best practice to use a unique password for every site, that’s a lot of effort to go to if you are using the site only once.

When thinking about website passwords, think about the importance of the website. Have unique passwords for very important sites. If possible, turn on two-factor authentication. Your email and social media passwords should be unique.

One off accounts that you’re unlikely to use again don’t necessarily need to be unique – you just need to make sure that they aren’t the same as any of your important accounts.

Generally, if an attacker compromises an unimportant account password, they are going to see if it is the same password that you use with an important account. For example, if they manage to compromise the database of the Chewbacca Rollerblading Forum you once posted to and figure out your password, they probably aren’t going to see if the same password works for the Lego Windmill Makers forum that you also posted to a few times. Instead they’ll see if they can use those credentials to compromise Gmail/Hotmail/Facebook/Twitter.

If your credentials for your important accounts are unique, this isn’t going to be a problem.

The key to website password security is keeping those important accounts with unique strong passwords. If they are unique and strong, you don’t have to worry so much when the account database of another site that you visit inevitably gets compromised.
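One way to apply this rule to your own accounts, as an added example that is not part of the original post: given a password-manager export (the CSV layout and the sample rows below are constructed for the example, not real credentials), flag every account you consider important whose password is shared with any other account, while leaving reuse between throwaway accounts alone.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export in a typical password-manager CSV shape.
# The forum accounts share a password (acceptable under the post's rule);
# the two important accounts share one (the case worth flagging).
SAMPLE_EXPORT = """site,username,password
gmail.com,alice,Correct-Horse-9!Battery
facebook.com,alice,Correct-Horse-9!Battery
chewbacca-rollerblading.example,alice,forumpass1
lego-windmills.example,alice,forumpass1
bank.example,alice,Zq8#vLmP2wR$tY
"""

# Sites the owner has decided are important (assumption for the example).
IMPORTANT_SITES = {"gmail.com", "facebook.com", "bank.example"}


def parse_export(text):
    """Parse a site,username,password CSV into (site, username, password) tuples."""
    reader = csv.DictReader(io.StringIO(text))
    return [(row["site"], row["username"], row["password"]) for row in reader]


def find_important_reuse(entries, important):
    """Map each important site to the other sites that use the same password.

    Reuse between two unimportant sites is deliberately not reported, matching
    the post's advice: only passwords on important accounts must be unique.
    """
    sites_by_password = defaultdict(set)
    for site, _user, password in entries:
        sites_by_password[password].add(site)

    findings = {}
    for site, _user, password in entries:
        if site in important:
            shared_with = sites_by_password[password] - {site}
            if shared_with:
                findings[site] = sorted(shared_with)
    return findings


if __name__ == "__main__":
    for site, others in find_important_reuse(parse_export(SAMPLE_EXPORT), IMPORTANT_SITES).items():
        print(f"{site}: password also used on {', '.join(others)}")
```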


What's Hyperbole, Embellishment, and Systems Administration Blog?

IT pro Orin Thomas provides true tales, snafus, news, and urban legends for Microsoft Windows system administrators.

Contributors

Orin Thomas

Orin Thomas is a contributing editor for Windows IT Pro and a Windows Security MVP. He has authored or coauthored more than a dozen books for Microsoft Press, and he writes the Hyperbole,...
