In the modern world, we all have dozens, if not hundreds, of online services we log in to. From the daily occurrences like logging into our webmail to the once-a-quarter joy of signing in to our electricity provider’s online billing system, we are surrounded by usernames and passwords.
The Problem with Reusing Passwords
It’s tempting to reuse the same password across multiple sites or services, as it’s easier to keep two or three passwords in our head than it is to keep dozens. However, there are some very good reasons why this is a terrible idea:
- There’s a huge risk of multiple accounts being compromised. You probably trust Google or Microsoft to keep your data secure, but if you’re also using the same password on a random online shopping site you bought some mittens for your cat from, then you’re still at threat of losing your data (or potentially worse, having that data leaked to the entire world). Anywhere you use the same password for different sites, there’s a risk a hacker could get access to one just by getting access to the other.
- If you use the same password for a corporate account and a personal account, the same risk is multiplied even further. Suddenly it’s not just your data that is being exposed, but potentially the data of your organisation as well! If you’re the business owner with access to everything, this risk is again multiplied.
- Using the same password makes it easier for hackers for gain entry to your accounts through their brute-forcing algorithms. Password security relies on complex mathematics that is far easier to perform in one direction than in the reverse (a process called hashing). The more websites you use the same password on, the easier it is for this (mostly) one-way mathematical procedure to be successfully performed in the reverse.
The Solution
The solution to the problem of reusing passwords is simple and refreshingly easy to get used to: use a password manager. A password manager works by securely storing all of your passwords to every service you use behind one master password. A typical login to a website might work like this:
- You browse to the website’s login page.
- A prompt asks you to enter your master password (something long and secure, but still memorable) into the software installed on your computer.
- The password manager software autofills your username/email and password into the website.
- You’re logged in.
The great thing about this approach is that you always type the same password to unlock your password manager, so you only ever have to remember one password.
The password manager that we use and recommend is 1Password. It has modern, strong encryption which keeps your passwords safe. It has apps for all the major browsers (Chrome, Firefox, Edge, and Safari) as well as mobile apps for iPhone and Android.
Other options for password managers include LastPass, KeePass (a free option), and in a pinch, you could also use the password manager built into your browser (though this comes with downsides if you use a different device). Whatever you do, just make sure you are using one!
Once you have a password manager sorted, it’s time to revise our list of the top five corporate email mistakes.