Most people these days have many user accounts which are used to log in to, computers, software and websites such as shopping, banking, email, social media. Passwords are the most common way to prove your identity when logging in to these accounts.
We are told how important it is to use good, strong passwords, but as many of us have lots of passwords to remember we often, use the same password for multiple logins, make them too simple or write them down where they can be found by others.
Ideally, you should never use the same password with more than one user account, and avoid ‘recycling’ passwords (making a small change to a single password, e.g.: tiger, tiger1, tiger2… ).
You may not think it is important to have a unique strong password on a website for a supermarket, but if you have used that password for other accounts, they would all need to be changed as well, if someone found out that password.
In particular, you should make sure that you have a strong email password and that it is kept safe, as an email address is often used as the username for many of your accounts. If someone were able to get access to your email, they could send password reset requests to your email and change the passwords on those other accounts.
It is also important to use different passwords for different websites because a number of companies have been breached over the past few years. Username and password combinations have been leaked on to the internet, so if you used the same password for your email, bank and social media and one of those was breached and leaked, all accounts using that username/password combination would be at risk.
https://haveibeenpwned.com is a website where you can check to see if your details appear in any of the breaches they are aware of. You can check by just typing in your email address, it’ll show results of websites where your details could have been leaked. There are a lot of websites that have been breached and you can see the list of the ones they are aware of here: https://haveibeenpwned.com/PwnedWebsites.
So, as we need to remember lots of strong passwords and they need to be kept safe, one method is by using a Password Manager.
There are number of types of password managers:
- Web Browsers can save passwords for you and if you sign in they can sometimes be synced between devices.
- Websites, such as lastpass.com, dashlane.com, etc., save user account details in the cloud, so they can be accessed from anywhere with internet access. Some of those sites have plugins so it can be integrated into your browser.
- Some mobile phones and tablets also have a built in password manager and if you sign in, passwords can be synced across devices.
- Standalone software which can be installed on computers.
We have installed password manager software on all staff PCs called KeyPassXC, there is a guide on how to use it here.