Then you are not on your own! Whether it’s home, work, Facebook, Gmail or even their banking app – most people end up using the same password everywhere.
Considering the sheer number of passwords we have to remember and use every day, it’s no surprise that password exhaustion is a very real problem. And when yet another prompt pops up for a password, it’s little wonder that people opt for easily guessed combinations such as ‘password’ or ‘abc123’.
The problem is, even if your password is strong, hackers are spending their days on the internet, collecting logins and passwords from leaks and websites with security flaws.
Once they have those login details and passwords, they’ll try them everywhere. Because they know that the majority of people have only one email and password combination, they also know that the chances of getting access to that individual’s accounts are pretty high.
And we know that even some of the big names are at risk of breaches.
117 million LinkedIn account details were stolen back in 2012. Many changed their LinkedIn password. But few thought to change that same password where it was used on a different site.
In March 2020, Tesco was forced to issue 600,000 new Clubcard loyalty cards and admitted that fraudsters could have spent customers’ points. They believe that username and password combinations had been taken from other hacks and used on the Tesco site.
Don’t Reuse Passwords!
Though password exhaustion is real, don’t reuse your passwords. Hackers will often use details stolen from one site to carry out a brute force attack on another.
So, once your credentials are out there, one site breach follows another. The only way to break the chain is to ensure you have different passwords for every site you are using. You should also activate multi-factor authentication for every account where it is available.
Create Easily Remembered But Difficult to Hack Passwords
One method is to have a system for creating your own unique passwords. You can make passwords that are difficult to hack but easy for you to remember.
This might seem complicated. However, you reuse the !Kitty**75! and swap out the website identifier – so LI for LinkedIn for example. This is an improvement but even then it’s not the most secure!
That’s why we would recommend a password manager. This is the best way to avoid password exhaustion and stay safe. A password manager will help you create a strong password and then remember it for you. As previously mentioned, turn on MFA wherever it is available. Most apps, including WhatsApp, Facebook and Google, have MFA options. MFA means you need more than just a username and password to access an account. For example, a code may be sent via email or text. This makes brute force attacks very difficult.
What To Do If Your Password Has Been Hacked
First of all, it’s not that difficult to find out if you’ve been hacked.
There are websites out there that will provide this service but it’s best to use a reputable supplier such as your own IT Support Provider.
We can provide a FREE Dark Web Scan. This scans the Dark Web, the part of the internet where criminals hang out, and looks for exposed credentials. When you receive your report it will be obvious which username and password combinations have been compromised.
You need to change these passwords immediately. And not just on the site where they were exposed. You need to change them everywhere you have used them. Use secure passwords. Use a system like the one above if you must. But ideally get yourself a password manager and look at Multi-Factor Authentication for your accounts.
Passwords are often your first line of defence against cyber attack. Make yours difficult to guess and use different ones for different sites and you’ll be ahead of the game!
How We Can Help
To order a free Dark Web Scan or talk about Password Management and MFA just give us a call today on 0115 8220200 or complete our contact form and we’ll get straight back to you.
If you’d like some further information on keeping your data safe download our free eBook ‘The Business Owners’ Guide To Protecting Client Data’