
The importance of unique passwords

For many years, the security industry has advised computer users to choose long and complex passwords to protect their data and accounts, because it's their very length and complexity that determines how onerous a task it is to crack them. At the end of the day, passwords are the key to the fortress, and even walls of steel that are meters thick are useless if the front door lock can be picked in a few minutes.

However, recent breaches, such as the Ashley Madison breach in which the identities of 37 million potentially cheating spouses were exposed, beg the question of whether we are focussing too much on long and complex passwords, as they can be compromised should the Web site have inadequate security measures in place.

Simon Campbell-Young, CEO of Phoenix Distribution, says strong passwords are not linked to any details about the holder, such as children's names or birthdays. They cannot be guessed by knowing a little bit about the holder, and are resistant to brute force hacking. They are also not the more obvious 'password' or '123456' types of choices that a surprising number of people still use.

However, he says that many Web sites with very specific password mandates, which indicate whether a password is weak, medium or strong, don't really analyse the strength per se. They only look at whether or not there is enough differentiation in terms of a mixture of upper and lower case, numbers and special characters, as the more differentiation there is, the more brute-force combinations hackers will need to try.
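An added illustration (not from the article or from Phoenix Distribution) of the gap described above: a character-class meter of the kind the article describes, next to a check for the properties Campbell-Young lists (not a common choice, not tied to personal details). The word list, substitution table, thresholds and function names are assumptions constructed for this example.

```python
import string

# Constructed sample data: a tiny list of well-known weak choices.
COMMON = {"password", "123456", "qwerty", "letmein"}

# Assumed substitution table for undoing simple character swaps.
_SWAPS = str.maketrans("@4301$5!7", "aaeoissit")


def class_mix_rating(pw):
    """Rate a password purely on length and character-class mix."""
    classes = sum([
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(c in string.punctuation for c in pw),
    ])
    if len(pw) >= 8 and classes >= 4:
        return "strong"
    if len(pw) >= 8 and classes >= 2:
        return "medium"
    return "weak"


def weaknesses(pw, personal=()):
    """Return reasons a password is guessable regardless of its class mix."""
    reasons = []
    lowered = pw.lower()
    # Drop trailing digits/symbols, then undo simple swaps ("p@ssw0rd" -> "password").
    core = lowered.rstrip(string.digits + string.punctuation).translate(_SWAPS)
    if lowered in COMMON or core in COMMON:
        reasons.append("common password")
    # Personal details: names, birth years and similar, supplied by the caller.
    if any(len(p) >= 3 and p.lower() in lowered for p in personal):
        reasons.append("contains personal detail")
    return reasons


if __name__ == "__main__":
    samples = [
        ("P@ssw0rd1!", ()),
        ("Emma2009!", ("Emma", "2009")),
        ("vT9#qLm2&xRw", ()),
    ]
    for pw, details in samples:
        print(pw, class_mix_rating(pw), weaknesses(pw, details))
```

All three constructed samples earn the same "strong" rating from the class-mix meter, but only the third passes the second check.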

A strong password will certainly be more difficult to crack on Web sites that have basic password obfuscation methods in place, but a strongly protected weak password is most likely as good as a badly protected strong one.

"Today, most of us are overwhelmed by the sheer number of passwords and logins we need to remember. Every financial account, online shopping account, social media site, loyalty programme - the list is endless. It is no wonder that many people use the same password for each and every one, and keep their fingers crossed that each site and service has measures in place to prevent the interception of your password."

He says that anyone who uses the same password everywhere will, after any single breach at an organisation that didn't protect password entry or storage, be exposed at every other site. When your password leaks, cyber criminals now have an email address, username, and password combination they can try on other Web sites. "The solution here is to create strong, unique passwords by using a password manager, which doesn't require you to memorise a plethora of individual passwords."

According to Campbell-Young, password managers store your login information for all the Web sites you use and help you log into them automatically, encrypting your password database with a master password, the only one you'll be required to remember.

A password manager offers ease of mind, he says. "When you use a password manager and need to log into a Web site, you'll visit the Web site, but instead of typing your password into the site's login space, you type your master password into the password manager, which will automatically fill the appropriate login information into the Web site. No longer must you think about which email and password you chose for this particular site, the password manager does all the work for you. Similarly, when you are creating a new account, the password manager will issue a popup and offer to generate a secure, unique password for you."
