Remembering usernames and passwords is a pain. It’s made much easier by using the same one for everything and never changing it.
Unfortunately, of course, what makes life easier for us also makes it easier for the hacker. If someone gets hold of one password then they can try it on any other of your accounts.
Yahoo is just the latest in a growing list of companies whose password databases have been hacked. Several other large online companies have also recently admitted that they think that huge chunks of their clients’ password information have fallen into the wrong hands. These companies include LinkedIn, eHarmony, and LastFM. If you receive an email from one of these organisations advising you to change your password then do so immediately. If you’ve used that same password on other sites then change all those passwords as well.
Yes, I know it’s a pain. It’s bad enough having to use all these IDs and passwords. It’s even worse that we have to try and make them unique and keep changing them. And now I’m suggesting that if LinkedIn (for instance) want you to change your password for that account then you should change the password for all the other accounts where you have used that same password? Yes, that is what I am suggesting.
“Fat chance”, I hear you say. You probably don’t even know which of your accounts use the same password and, anyway, you are ALWAYS going to have something better to do than organise your online passwords (re-arrange your sock drawer, for instance). Surely, no-one could have such a sad life that they’d even contemplate it?
Well, if that’s your reaction, then I am prepared to risk sounding very condescending by suggesting you start a new habit now. Start writing down your IDs and passwords on real paper, with a real pen, and keep that information secure and in a place near your computer where you will always be able to find it.
Yes, I do know that that is a “security risk”. Anyone finding this master list will be able to get into everything. What’s the alternative? The proper alternative is to use a computerised, encrypted, password-protected password manager. I use eWallet, and it works for me. However, if you use a program like this then you MUST take proper care in taking backups of the data and ensuring that you have a method of accessing the backup as well as the “live” file. If you are not completely sure that you have backups that will be accessible in all circumstances then you could get locked out of your own data. A manual record, on the other hand, is completely independent of all your computers and hand-held devices.
This advice comes as a result of many years of providing computer support to individual home users, professionals, and to small organisations. Over and over again I have sat with a client, trying to help them with a particular problem, and witnessed the frustration and the waste of time caused by not having a simple, foolproof method of checking which passwords were used in specific circumstances.
Writing everything down – as soon as the change happens – can save an enormous amount of time and frustration in the long run. If I still haven’t convinced you (or put you off reading the rest of this article), consider the situation where you’ve called me in to help you with something and we need a password or ID that you can’t find. In a lot of cases, of course, you simply contact the organisation in question and they quickly send you an email telling you how to change your password. If, however, we all spend 20 minutes trying to get into whatever it is that you want help with, then that is going to be £20 added to my invoice (at my current, very modest, rate of £60 per hour). In effect, you are being fined for not being able to find your password easily. And that is just what’s on my bill. What about all of your own wasted time and frustration?
I think we have to face the fact that we are going to have to live with multiple accounts, IDs (“usernames”) and their passwords for the foreseeable future. We might as well organise ourselves so that this is as painless as possible. To my mind, always being able to lay your hands on your password information is about as basic as it gets in aiming for that. And if that means getting a bit retro and digging out an old Filofax, then so be it.
End of harangue.