Three years ago we wrote an article, "52% of users reuse their passwords". At the time, more than half of people were using the same passwords to protect two or more online services.
Now, three years later, it appears that password reuse is still a serious problem. People are still putting their personal data at risk of theft. And when they reuse passwords at work, they are also placing their employer in danger of falling victim to hackers and cybercriminals.
One report quoted by Computing magazine suggests that 80% of all hacking-related breaches are password-related. This is what hackers do with your duplicated passwords:
Credential stuffing
Credential stuffing is an attack where hackers will use a long list of usernames and passwords to try and break into a computer system. An automated script tests thousands of username and password combinations trying to find a match that allows them to log into the system.
These lists are commonly traded or sold on the dark web and may contain hundreds of thousands of credentials.
Credential stuffing relies on an element of luck because the list may not come from the service under attack. If you reuse passwords, there is a far greater chance of hackers hitting on the right combination and accessing your online account.
Dictionary attacks
A dictionary attack works on a similar principle, but instead of using a list of known credentials, it relies on a list of known email addresses and popular passwords and phrases. Again, an automated script tests every password against each username, trying to find a combination that works.
Anyone who uses a common password like 123456 or abc123 could find themselves being compromised by a dictionary attack.
Password spraying
Password spraying is very similar to a dictionary attack in that it uses a list of known email addresses and common passwords. However, the spray method tests one password against each email address before moving on to the next password in the list.
Password spraying attacks are increasingly popular with hackers because they are slightly harder to detect. For a busy website, thousands of failed logon attempts are not suspicious – unless they are all logged in a row against the same email address (which is what the dictionary attack method does).
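The difference in how the two attacks look in a login log can be shown with a short detection sketch. This is an added example, not part of the original article: the event format, IP addresses, usernames and thresholds are all constructed assumptions.

```python
from collections import defaultdict, deque

PER_ACCOUNT_LIMIT = 5        # assumed: failures tolerated per account
DISTINCT_ACCOUNT_LIMIT = 10  # assumed: distinct accounts one source may fail against
WINDOW_SECONDS = 300         # assumed: sliding window for the spray rule

def build_sample_events():
    """Constructed events: (seconds, source IP, username, login succeeded)."""
    # Dictionary pattern: many failures in a row against one address.
    events = [(i, "198.51.100.7", "alice@example.com", False) for i in range(12)]
    # Spray pattern: one attempt per address, then a second pass much later.
    users = [f"user{n}@example.com" for n in range(12)]
    for round_no in range(2):
        for i, user in enumerate(users):
            events.append((100 + round_no * 600 + i, "203.0.113.9", user, False))
    # Ordinary user who mistypes once and then logs in.
    events += [(50, "192.0.2.44", "bob@example.com", False),
               (55, "192.0.2.44", "bob@example.com", True)]
    return events

def per_account_alerts(events):
    """Lockout-style rule: too many failures against the same account."""
    fails = defaultdict(int)
    for _, _, user, ok in events:
        if not ok:
            fails[user] += 1
    return {user for user, n in fails.items() if n > PER_ACCOUNT_LIMIT}

def spray_alerts(events, window=WINDOW_SECONDS):
    """Spray rule: one source failing against many distinct accounts in a window."""
    by_src = defaultdict(list)
    for ts, src, user, ok in events:
        if not ok:
            by_src[src].append((ts, user))
    flagged = set()
    for src, fails in by_src.items():
        fails.sort()
        recent = deque()
        for ts, user in fails:
            recent.append((ts, user))
            while recent[0][0] < ts - window:
                recent.popleft()
            if len({u for _, u in recent}) >= DISTINCT_ACCOUNT_LIMIT:
                flagged.add(src)
                break
    return flagged

if __name__ == "__main__":
    sample = build_sample_events()
    print("per-account rule:", per_account_alerts(sample))
    print("spray rule:", spray_alerts(sample))
```

The per-account rule only flags the address hit by the dictionary pattern, while the sprayed accounts stay under its limit and are caught only by counting distinct accounts per source. Keying on source IP alone misses attempts spread over many addresses, so the same distinct-account count is also worth running across all sources per time window.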
Please stop reusing passwords
With so many different accounts, it is always tempting to take the easy option and reuse a password. But every time you take a shortcut, you increase the risk of becoming a victim of cybercrime.
If you cannot create and remember enough strong passwords, try using a password manager instead. This is a simple, secure tool that will automatically create – and remember – your passwords. You only have to remember a single password – the one used to secure the password manager itself.
For maximum protection – and simplicity – choose a password manager that works across all of your devices. Panda Dome Passwords will secure all of your credentials on your smartphone (iOS and Android) and your computer – it even integrates directly into your web browser to make life even easier.
But however you choose to proceed, please stop reusing passwords!