How safe are your passwords?

If you use the same password for all your online accounts, you are not safe.

The number of exposed accounts with easy passwords increase every week. The security website HaveIBeenPwned now lists over 359 million MySpace and 164 million LinkedIn accounts, among other major websites.

If you use the same or similar password for many of your accounts, criminals can use these breaches to gain access to other accounts, just by trying the breached account details on your other services.

Recent attempts into Government and Corporate systems may be related to breaches of AdobeSnapchat and Forbes databases. Remote sharing software recently attacked include TeamviewerLogMeIn and Citrix GoToMyPC.

As an example, if you use the same password on LinkedIn and Twitter, ‘hackers’ can use the data stolen from LinkedIn in 2012 to log into your Twitter account.

The webcomic XKCD summed this up rather well:

XKCD Password Reuse

What can you do?

Change your passwords on a regular basis.

Yearly password changes can stop ‘hacks’ plaguing celebrities and businesses alike. Vital services such as your main email account passwords should change quarterly.

Enabling Two Factor Authentication (2FA) is an added level of security that many online services offer. 2FA apps generate a security code through your phone like previous bank security devices.

Use a secure password manager to store and sync your passwords.

We recommend LastPass, which also checks for weak passwords and can generate random passwords. It also supports Two Factor Authentication integration. A Premium account can share business accounts with other employees.

Computers should also be running up to date antivirus subscriptions. Targeted malware attacks can still compromise Password Managers and Browser password storage.

Check the current database of breached websites and change or close any old accounts.

Security sites including HaveIBeenPwned can search over 1 billion accounts that have been compromised. You can then log into these accounts and close them, or change the password to a more complex one.

Lock your mobile phone.

Set a strong PIN to access your phone. Configure the Find My iPhone or Android Device Manager to track the phone if it lost or stolen. Enable remote wiping so that pickpockets cannot access your accounts.

Only 36% of consumers surveyed in 2014 had a screen lock on their phone and less than 30% had a backup of their phone data.


Subscribe to the Australian Government’s Stay Safe Online alert service to be informed of the latest threats to online security:

Consult a computer professional should you believe that your accounts or computers have been compromised.