Everyone who has used the same password for more than one Internet account, raise your hand.
OK. I’ll be the first to admit that I have used the same password for multiple accounts on the Internet.
And, oops, I’ll also admit that I may still be using the same password for multiple accounts on the Internet.
Yes, I think it’s a very strong password.
In fact, I know it’s a very strong password.
But, that doesn’t matter if it’s compromised because then more than one account will be at risk.
Still, I can be just as lazy as the next guy and easily fall into the habit of using a password or passphrase for more than one account.
But is it really dangerous? Is it?
Yes, it is.
Let’s check in with cybersecurity expert Brian Krebs to get a real life example of why it’s dangerous.
In a blog post, “Password Reuse Fuels Starwood Fraud Spike,” Krebs lays out how cybercrooks – even low-skilled crooks – can take advantage of stolen passwords to check multiple accounts of victims.
“Two different readers have written in this past week to complain about having their Starwood Preferred Guest loyalty accounts hijacked by scammers. The spike in fraud appears to be tied to a combination of password re-use and the release of a tool that automates the checking of account credentials at the Web site for the popular travel rewards program.
“The mass compromise of Starwood accounts began in earnest less than a week ago. That roughly coincides with a Starwoods-specific account-checking tool that was released for free onLeakforums[dot]org, an English-language forum dedicated to helping (mostly low-skilled) misfits monetize compromised credentials from various online services, particularly e-retailers, cloud-based services and points or rewards accounts.
“The tool is little more than a bit of code that automates the checking of account credentials stolen from other data breaches, to see if the stolen credentials also work at Starwoods.com. These types of account checking tools work because — despite constant advice to the contrary — a fair number of Internet users will rely on the same email address (username) and password pair for accounts at multiple sites. …
“According to a tutorial posted on the forum, hijacked account buyers “cash out” their purchases by creating new Starwood accounts and then forcing the hijacked account to transfer its account balance to the new account. The reward points are then exchanged for gift cards that can be used as cash.” [emphasis added]
OK. There’s a lot more detail in Krebs’ post, and I encourage you to read it because it’s both informative and very interesting if you want to learn at least one variation of how cybercrooks turn stolen data into money.
But, you get the point. And yes, I get the point as well.
Using the same email/password combination puts you at risk of having your Internet-based accounts compromised and stolen.
By the way. While we’re discussing password security, if you want to see the list of the most used passwords in 2014, check out “This List Of 2014’s Worst Passwords, Including ‘123456,’ Is Embarrassing.” And, if you’re using any of the passwords on that list, please change to a far more secure password or passphrase.
OK. Write me at [email protected] and tell me if you use the same email/password combination for more than one Internet account.
Be honest! But don’t tell me the password. It’s never safe to email a password!
Be safe, secure and free!
Rob Douglas – Former Washington DC Private Detective and Certified Identity Theft Risk Management Specialist
Freedom Writers Publishing
1815 Central Park Dr. #358
Steamboat Springs, CO 80487