Why You Shouldn’t Reuse Passwords



There’s an old saying in the hacker community – hackers don’t break in; they log in. Contrary to popular belief, cybercriminals, for the most part, aren’t sitting in dark basements trying to guess their next victim’s password. Why should they, when we make it so easy for them? Reused passwords are a large part of what makes it easy, and that is the reason why you shouldn’t reuse them.

People know they shouldn’t use easy passwords. And they also know that they should never reuse the same password for more than one account. Yet they do. A Google/Harris Poll survey showed that well over half of people surveyed reuse the same password even though they know it poses a risk to their personal and corporate accounts. You also shouldn't let your browser store your passwords.

We get it: people are afraid of forgetting their login information and they want to be in control of their accounts. LastPass, a popular password manager, found that their users have an average of 38 online accounts. That’s 38 unique and complex passwords that must be generated. You’ve probably felt the aggravation that comes when you’ve forgotten the password for an account you’re trying to access. It’s frustrating. But not nearly as frustrating as it will be when your accounts get hijacked by criminals.

What is the real danger of reusing a password?

Password reuse can lead to what’s called credential stuffing attacks. That’s when a hacker takes credentials leaked from one account and tries them against a person’s other accounts. A credential stuffing attack can make hundreds of attempts on dozens of websites in just a few minutes. If Susie in finance uses the same password for her Facebook account as she does for your company’s accounting software, you could have a huge nightmare on your hands if that password falls into the wrong hands.
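Credential stuffing leaves a recognisable trace in a site’s login logs: one source trying many different usernames in a short time, most of them failing, which is nothing like one person mistyping one password. As an added example (not from this post or from any product named here), the Python below flags that pattern over a few constructed log lines; the log format, field names and thresholds are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of web-app login events (not from any real system):
# "<ISO timestamp> <source IP> <username> <result>"
SAMPLE_LOG = """\
2024-03-01T09:00:01 203.0.113.7 alice FAIL
2024-03-01T09:00:02 203.0.113.7 bob FAIL
2024-03-01T09:00:02 203.0.113.7 carol FAIL
2024-03-01T09:00:03 203.0.113.7 dave SUCCESS
2024-03-01T09:00:04 203.0.113.7 erin FAIL
2024-03-01T09:00:05 203.0.113.7 frank FAIL
2024-03-01T09:00:40 198.51.100.2 susie FAIL
2024-03-01T09:00:55 198.51.100.2 susie FAIL
2024-03-01T09:01:10 198.51.100.2 susie SUCCESS
"""

def parse_log(text):
    """Turn the assumed four-field log format into (time, ip, user, result) tuples."""
    events = []
    for line in text.splitlines():
        ts, ip, user, result = line.split()
        events.append((datetime.fromisoformat(ts), ip, user, result))
    return events

def detect_credential_stuffing(events, window=timedelta(minutes=5),
                               min_users=5, min_fail_ratio=0.6):
    """Return {ip: {"users", "attempts", "failures"}} for every source IP that,
    inside some sliding time window, touched at least min_users distinct
    usernames with a failure share of at least min_fail_ratio. A user who
    forgot their own password hits one username and never trips this; a
    stuffing run sprays leaked credentials across many usernames and does.
    For a flagged IP the widest qualifying window (most usernames) is reported."""
    by_ip = defaultdict(list)
    for ev in sorted(events):          # chronological order per source
        by_ip[ev[1]].append(ev)
    flagged = {}
    for ip, evs in by_ip.items():
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1             # slide the window forward
            span = evs[start:end + 1]
            users = {e[2] for e in span}
            failures = sum(1 for e in span if e[3] == "FAIL")
            if len(users) >= min_users and failures / len(span) >= min_fail_ratio:
                if ip not in flagged or len(users) > flagged[ip]["users"]:
                    flagged[ip] = {"users": len(users), "attempts": len(span),
                                   "failures": failures}
    return flagged
```

Thresholds like five usernames in five minutes are a starting point to tune against your own login volume; a single successful login inside a flagged burst is the account to reset first.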

Is the risk of losing money, your reputation or even your business worth letting your employees continue to use weak or recycled passwords?

How to Combat the Password Problem

Two words: password manager. The solution is a no-brainer. Password managers or vaults take all the hard work out of trying to come up with and remember unique, hard-to-hack passwords. With a password manager, you only need to remember one password to access the manager. From there, all your passwords are securely stored.

Our top recommendations for business-grade password vaults are:

Thycotic Secret Server. Secret Server is a web-based application ideal for teams. It allows for the storage of privileged credentials in a military-grade encrypted centralized vault and is simple to use with a copy/paste function.

Passwordstate by Click Studios. Passwordstate is an on-premises, web-based solution for enterprise password management, where teams of people can access and share sensitive password resources. Role-based administration and end-to-end event auditing provide a secure platform for password storage and collaboration. Features such as 256-bit AES data encryption, code obfuscation and enterprise scalability make it MIS’s enterprise password manager of choice.

LastPass (for single users). LastPass offers a business and team product but it does not compare well to either Secret Server or Passwordstate. It is better suited for individuals who want to protect their personal accounts.

If you’d like to learn more about how MIS Solutions can help keep your business secure, contact us today.