We’ve all heard the advice to create a unique and strong password for every site you access, and never reuse passwords. While this advice has been heard time and time again, it is largely ignored (more than 50% according to a quick Google search). Why is it so important to use different passwords? Because thieves (hackers) understand that people are, after all, people and they will do what’s easy. Remembering a unique username and password when you have one online account is easy; however, most people have dozens of accounts today. So, the easy thing to do is to reuse passwords across sites. Hackers understand this and continually find ways to exploit this vulnerability.
By now, you’ve probably heard of the iOS devices that were hacked and held for ransom earlier this week. In case you’re not familiar with this story, it appears that someone (calling himself Oleg Pliss) has used the Find My iPhone feature to lock (and demand ransom to unlock) a bunch of iPhones and iPads. Apple has indicated that iCloud has not been breached – which implies that the hacker used some other means to discover the passwords. Most security experts believe that using the same password across services is the root cause of the issue here. By the way, if your device gets hijacked, don’t pay the ransom; call Apple Support for help.
Using strong and unique passwords for each account is the Internet equivalent of practicing safe sex. If you only do this some of the time, you are still putting yourself at risk. You can’t trust the sites you frequent to always keep your data protected. Don’t get me wrong: any viable business will do everything in its power to protect your data and your accounts. However, even the biggest and best online companies are susceptible to attacks (see Chris Webber’s recent blog on the attack on eBay).
At Centrify, we dream of a day when ISVs will do away with passwords and all sites and services will rely on secure tokens (e.g., SAML) for access to resources. Until that day arrives, be smart, be safe and use unique and strong passwords for all of your accounts!