02/01/2018

New Year, New Passwords

Why you need a different password for each online account

Imagine you have one key that unlocks every door or security device in your life. This special key unlocks your car, your office door, your safety deposit box or safe and your home. But what happens if the key is lost or stolen? Criminals could easily access all your belongings without much effort and in a short amount of time.

The same is true for people who use the same password for all their online accounts. Using the same password for email, social media, banking, and credit card accounts makes it easy for cybercriminals to cause serious damage in little time. A recent study by the University of Illinois suggested that three in five people use the same password across multiple online accounts, which means that cybercriminals have plenty of opportunities to cause harm.

When you reuse your password, you weaken the security features of the safest websites you visit.  For example, the website for your credit card account may have more security features than the website for your online newspaper account. However, if you use the same password for both, a cybercriminal who compromises your newspaper account may also be able to access your credit card account. As a result, the additional security features on your credit card website become useless.

Here are some simple steps to help keep your passwords safe:

• Don’t use the same password for multiple websites. Make sure you are using different, unique passwords for each of your online accounts. This is the easiest and best way to secure accounts and personal information against a cyberattack.
• Use strong passwords or passphrases. Use longer, strong passwords that have at least 12 characters and include random special characters, letters, or numbers. Or, try using a passphrase instead.  A passphrase is a sentence or combination of words that is easy to remember but longer and more complex than a traditional 8-to-12-character password. (For more information, read this “Ohio CyberWatch” article about passphrases.)
• Change your passwords if your account has been breached. If any of your online accounts were breached, or even if there is a strong possibility that one of your accounts may have been compromised, change the passwords to all of your accounts.  
• Don’t keep passwords written on a list that you keep with your computer or mobile device.  While this won’t protect you from online threats, it will keep your personal information safe if your device is lost or stolen. If you prefer to write down your passwords, store them away from your computer in a safe or a safety deposit box that only you and someone you trust has access to.
• Don’t store your passwords in one unsecure location on your computer or mobile device.  Many people keep their passwords in a single Word document, Excel spreadsheet, or other unsecured location on their computer. Don’t do this. Cybercriminals know that passwords are frequently stored in unsecured Word or Excel files and they often look for such files when they first break into your computer. 
• Consider using a password manager.  If you have trouble remembering passwords or don’t have the time to put together a variety of passwords, try using a password manager. A password manager stores your login and password information for all the websites you use and helps you log into those websites automatically. The password manager encrypts your password list with a master password, which is the only password you have to remember. The type of password manager that you use depends on personal preference and whether you want to pay for certain services or features. Research your options and find which password manager works best for you.

This article was provided to OSAE by the Ohio Attorney General.