Online security issues continue to vex the public. Recently, Etsy had to inform some of its members that the password problems at LinkedIn may have an impact on them. “This issue only affects people who had an account with LinkedIn in 2012 and who use the same credentials with Etsy now that they did with LinkedIn then,” Etsy’s Rich Smith wrote. Etsy urged those members to do password resets right away.
Readers who sell and/or buy on eBay may recall how eBay suffered a breach in 2014 that compelled the company to ask users to change their passwords.
Using the same password on multiple sites isn’t just a bad idea these days. It’s an incredibly bad idea. “It’s always been a concern, but because breaches keep happening it’s critical to never reuse passwords,” Joe Siegrist, VP & GM of password manager service firm LastPass, told EcommerceBytes.
“It’s clear that if you do, you will be burned because once you are breached on ANY of your sites, ALL fall at the same time when you’re reusing passwords. With big data breaches in the news so often, it’s important that we all do more to protect ourselves online.”
“There are several easy strategies to make yourself less vulnerable. Unique passwords ensure that a breach at one website doesn’t result in a stolen account at another. Services like Gmail, PayPal, and Dropbox have reported hackers breaking into user accounts with usernames and passwords leaked in other breaches. With unique passwords, you’ll successfully stop these attempts,” Siegrist said.
Siegrist suggested people take advantage of two-factor authentication if it’s offered by a site. He also provided some guidelines on creating unique passwords, helpful for those signing up for a site as a new customer or changing duplicates they have on existing sites:
- Use a password that is at least twelve (12) characters in length
- Do not use dictionary words in your password
- Use uppercase and lowercase letters (Security researchers have found starting a password with a lowercase letter actually creates more work for password cracking software)
- Use numbers
- Use symbols such as $, %, &, etc.
“While long, complex passwords are important, it’s equally important that each password you use is unique. No two accounts should ever use the same password. A password generator can help you accomplish this,” Siegrist said, noting that LastPass has this functionality built in and remembers the passwords a user creates.
“If you are re-using any of your passwords on more than one account, even if you have an ‘unimportant’ password and an ‘important’ password tier, it’s very unsafe. Since a password can be used anywhere in the world, there’s never a reason to give two different companies the same password. It makes it way too easy for a hacker to attack one site and get your password to all the others,” he said.
Siegrist echoed Etsy’s concerns over password reuse by some of its members. “Major service providers have reported hackers breaking into user accounts with usernames and passwords leaked in other breaches,” he said. “By using a different password for all accounts, you’ll stop these attempts from being successful.”
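The guidelines listed above and the no-reuse rule, as an added example (not code from the article or from LastPass): a checker for the five guidelines, a generator built on Python's `secrets` module, and a finder for passwords shared between sites. The small word list, the symbols beyond $, % and &, the 16-character default and the `.example` site names are assumptions made for illustration.

```python
import secrets
import string

SYMBOLS = "$%&!#*?@"  # the article names $, % and &; the rest are assumed
MIN_LENGTH = 12
# Constructed stand-in for a real dictionary word list.
SAMPLE_WORDS = {"password", "welcome", "dragon", "monkey", "summer"}

def guideline_failures(password, words=SAMPLE_WORDS):
    """Return the guidelines from the list above that `password` misses."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append("shorter than 12 characters")
    if any(word in password.lower() for word in words):
        failures.append("contains a dictionary word")
    if not (any(c.islower() for c in password) and any(c.isupper() for c in password)):
        failures.append("needs uppercase and lowercase letters")
    if not any(c.isdigit() for c in password):
        failures.append("needs a number")
    if not any(not c.isalnum() for c in password):
        failures.append("needs a symbol")
    return failures

def generate_password(length=16):
    """Random password from the OS CSPRNG that meets every guideline."""
    if length < MIN_LENGTH:
        raise ValueError("length must be at least 12")
    alphabet = string.ascii_letters + string.digits + SYMBOLS
    while True:
        # Lowercase first character, per the note in the guidelines.
        candidate = secrets.choice(string.ascii_lowercase) + "".join(
            secrets.choice(alphabet) for _ in range(length - 1))
        if not guideline_failures(candidate):  # retry until all classes appear
            return candidate

def reused_passwords(accounts):
    """Map each password used on more than one site to those sites."""
    sites_by_password = {}
    for site, password in accounts.items():
        sites_by_password.setdefault(password, []).append(site)
    return {p: sorted(s) for p, s in sites_by_password.items() if len(s) > 1}

# Constructed sample data, not real credentials.
SAMPLE_ACCOUNTS = {"linkedin.example": "Summer2012!",
                   "etsy.example": "Summer2012!",
                   "bank.example": generate_password()}
```
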