Windows Secrets Newsletter: Reusing passwords comes at a price


By Woody Leonhard/Windows Secrets Newsletter

You can find no end of advice on creating strong passwords, using clever tricks, stats, mnemonics, and such.

But all too frequently we (and I include myself in this rebuke) tend to reuse little passwords at what we think are inconsequential sites. It’s a big mistake — here’s why.

This story is true. As the admonition goes: only the names have been changed to protect the innocent.

I live in a small town a couple of hours away from a big city we’ll call Metropolis. There are several daily newspapers in Metropolis, and one of the largest (let’s call it the Daily Planet) boasts a very nice website. The people who create and maintain the Daily Planet site are excellent designers and programmers — but they aren’t security experts.

One of Metropolis’s citizens is a regular guy named, oh, Joe. He’s pretty good with computers, and he knows enough to use strong passwords on bank and stock-market sites.

But Joe just got hacked — and bilked in a most unexpected way.

Here’s the rest of the story.

This post is excerpted with permission from Windows Secrets.


3 thoughts on “Windows Secrets Newsletter: Reusing passwords comes at a price”

  1. I use a system which allows me to have a different password for every site with NO memorization or record keeping. I take the site name and do a certain thing to it. For instance, you could take the number of letters and insert it between each letter (a6m6a6z6o6n6 for amazon.com), or change the letter by going up one (bnbapo for amazon.com), or whatever you can think of. Just do the same thing at every site, and you have a unique password that you do not have to remember! (if the site name isn’t long enough for my “twist” to satisfy the password requirements, I just do it twice)

  2. Sorry, but I have to disagree with the basic premise of your advice. 1st, NOBODY uses a different password on every site, etc, that they visit. I’ve been on the web since 1992 and I’m sure I have put in a username/email addr and password at least 500 times. To keep track of every different combination would require a small and very well indexed book!

    I will agree that not every site is created equal, and those that deal with money (Banks, credit cards, Amazon, etc) or other sensitive info need to be treated differently than those that give you the weather. It’s also true that the sensitive sites use more security than the inconsequential ones, but I guess that by now it’s been proven that any site can potentially be hacked. But if you get burned that way, it’s probably not because you used a poor or duplicate password. I tried to look at the password encryption sites mentioned, but my eyes crossed and glazed over before I got very far. I am certain they are a great idea, but far beyond the need or understanding of the average user. And I would worry that if something happened to the site/software, that I would lose ALL my passwords, which had been changed to cyphers.

    I agree that more than one password should be used, and the really sensitive ones changed from time to time. (My bank requires that, anyhow). I think it’s asking too much to expect the average user to do more than that.
