
Managing Passwords - a necessary evil

24/09/2018 - Information Technology

Passwords are a necessary evil, and these days every website or application seems to have a different requirement for how complex the password needs to be. Ultimately you think up a password that you can finally remember and that is complex enough for most occasions.

Re-using passwords - the security risk

It’s taken you a long time to commit this ridiculous password to memory, so now you want to make the most of it and use it for lots of logins. Great! Until one day you receive the ransom email with your password in it. And now someone you’ve never met is asking you for money!

Not everyone will receive an email like this, but one day you might (indeed, one of our clients did recently). So how did they hack your complex password? Well, the truth is that they probably didn’t.  This kind of email typically comes from historic hacks or leaks where large companies have had their user databases compromised.  As a member of that database, your password and username are now in the public domain.

If you are wondering whether your account has ever been part of these leaks you can check on this site.  It accesses lots of historic leak information and reports back which ones you may have been a part of.  If you are listed you must make sure you have changed the password for that account since the leak was made public.  Also, you will need to change any other account where you have reused that same password.

Use a Password Manager

This is why we recommend you use a different password for each account to minimise the impact of any future hacks on your life. But how can you remember lots of different passwords?

There are a number of techniques, but our recommendation is to use a password manager. This is a master list of all of your passwords protected by a master password.

It sounds risky to have all your passwords in one place, so it is important you take extra steps to protect this. We suggest using a password manager with two-factor authentication (2FA) to ensure that only you can get in. Two-factor authentication works by asking you to verify the login to the password manager using an independent form of communication (often an app on your mobile phone, or a code sent to it by text message).

It is even possible to get a password manager that has all this functionality for free, so there is nothing stopping you from getting protected! Take a look at this guide to find out which one is right for you. And if you have trouble thinking up passwords, here’s a fun site to get you started.